Loading...
The URL can be used to link to this page
Your browser does not support the video tag.
R-22-46
VILLAGE OF DEERFIELD RESOLUTION NO. 2022- R-22-46 AUTHORIZING THE RENEWAL OF THE AGREEMENT WITH BAKER TILLY TO PROVIDE PROFESSIONAL AUDITING SERVICES FOR FISCAL YEARS 2022 THROUGH 2O26 WHEREAS, the Village is required to conduct an audit of public funds on an annual basis; and WHEREAS, on December 4, 2017, the Village entered into an agreement with Baker Tilly Virchow Krause, LLP ("Consultant') to provide the Village with audit services ("Services'); and WHEREAS, pursuant to Section 4 of the Agreement, the Village and Consultant may renew and extend the Agreement for an additional five-year term upon the mutual written agreement of the Parties; and WHEREAS, Consultant has provided the Village with satisfactory Services during the Initial Term; and WHEREAS, Consultant and the Village now desire to renew the Agreement for an additional five-year term; and WHEREAS, it is in the best interest of the Village to renew the Agreement with the Consultant for provision of the Services; SECTION 1: RECITALS. The Village Board hereby adopts the foregoing recitals as its findings, as if fully set forth herein. SECTION 2: AUTHORIZATION TO APPROVE AMENDMENT. Pursuant to its home rule authority, the Village Board hereby authorizes the Village Manager to approve the Amendment to the Agreement in substantially the same form as attached in Exhibit A and a final form approved by the Village Attorney. SECTION 3: AUTHORIZATION TO EXECUTE AMENDMENT. The Mayor and the Village Clerk are hereby authorized and directed to execute and attest, on behalf of the Village, the final Contract upon receipt by the Village Clerk of at least one original copy of the final Agreement executed by Consultant; provided, however, that if the executed copy of the final Contract is not received by the Village Clerk within 60 days after the effective date of this Resolution, then this authority to execute and attest will, at the option of the Mayor and Board of Trustees, be null and void. SECTION 4: EFFECTIVE DATE. This Resolution shall be in full force and effect from and after its passage and approval according to law. {00128082.1) [SIGNATURE PAGE FOLLOWS] AYES: Benton, Berg, Jacoby, Metts-Childers, Oppenheim, Seiden NAYS: None ABSTAIN: None ABSENT: None PASSED: September 6, 2022 APPROVED: September 6, 2022 RESOLUTION NO. R-22-46 Daniel C. Shapiro, Mayor ATTEST: 2 Kent S. Str et, Village Clerk (00128082.1 } EXHIBIT A {00128082.1} FIRST AMENDMENT TO AUDIT SERVICES AGREEMENT THIS FIRST AMENDMENT TO THE AUDIT SERVICES AGREEMENT ("Amendment'), dated as of this 21 day of December, , 2022, ("Effective Date'), is by and between the VILLAGE OF DEERFIELD, an Illinois home rule municipal corporation ("Village') and BAKER TILLY VIRCHOW KRAUSE, LLP, and Illinois limited liability partnership ("Consultant') (together, the Village and the Consultant are referred to as the `Parties'). RECITALS WHEREAS, the Village and Consultant entered into that certain Audit Services Agreement, dated December 4, 2017 ("Agreement') for Consultant to provide the Village audit services ("Services'), which Services are more fully described in the Agreement; and WHEREAS, the Initial Term of the Agreement ends upon the completion of the Services for the Village's 2021 Fiscal Year; and WHEREAS, pursuant to Section 4 of the Agreement, the Village and Consultant may renew and extend the Agreement for an additional five-year term upon the mutual written agreement of the Parties; and WHEREAS, Consultant and the Village now desire to renew the Agreement for an additional five-year term and to amend the agreement amount; NOW THEREFORE, in consideration of the foregoing, the mutual promises and covenants contained herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Village and the Consultant agree as follows: SECTION 1. RECITALS. The recitals set forth above are true and correct and are hereby incorporated into this Agreement as if fully stated herein. SECTION 2. DEFINITIONS.; RULES OF CONSTRUCTION. A. Definitions. All capitalized words and phrases used throughout this Amendment have the meanings set forth in the various provisions of this Amendment. If a word or phrase is not specifically defined in this Amendment, it has the same meaning as in the Agreement. B. Rules of Construction. Except as specifically provided in this Amendment, all terms, provisions and requirements contained in the Agreement remain unchanged and in full force and effect. In the event of a conflict between the text of the Agreement and the text of this Amendment, the text of this Amendment controls. SECTION 3. EXTENSION OF TERM. Pursuant to Section 4 of the Agreement, the Village and Consultant hereby agree that the term of the Agreement is hereby extended for a renewal term commencing with the Village's 2022 Fiscal Year and ending upon final completion of Services for the Village's 2026 Fiscal Year ("Renewal Term'), during which Renewal Term Consultant must diligently and continuously prosecute the Services. (00128081.11 SECTION 4. AGREEMENT PRICE. Consultant shall charge the Village for the Services consistent with the terms of the Agreement, provided, however, that the rates for Services shall be charged as set forth in Exhibit A, attached hereto and incorporated herein by reference (the "New Rate Schedule'). SECTION 5. CONTRACT DOCUMENTS. The Contract Documents, as defined in Section 2 of the Agreement, are amended to include this Amendment and the New Rate Schedule. SECTION 6. COUNTERPARTS. To facilitate execution of this Amendment, this Amendment may be executed in multiple counterparts, each of which, when assembled to include an original signature for each party contemplated to sign this Amendment, will constitute a complete and fully executed original. All such fully executed original counterparts will collectively constitute a single agreement. Each counterpart may be delivered by pdf transmission. IN WITNESS WHEREOF, the parties have hereunder set their hands and seals as of the Execution Date first above written. VILLAGE OF DEERFIELD By: _ �ahiel C,SI�PIro Its:f BAKER TILLY VIRCHOW KRAUSE, LLP �� ■I . -.. a •. .. Its: Director {00128081.1) ge of Deerfield,' Villa-ge f Glenview.. City of Highland irk R t � quote fora - five r audit exten an. ............ ......... August 18, 202j' Value for fees Value means more than simply checking boxes and meeting your requirements. Value means services that lead to meaningful insights, help improve efficiencies and direct more dollars and resources to achieve the missions of the Village of Deerfield, Village of Glenview and City of Highland Park (the Municipalities). Delivering a professional fee estimate for the Municipalities We are excited about the opportunity to continue to work with the Municipalities and have prepared the below revised fee estimate to meet the Municipalities' needs and objectives. Our fees allow for thorough and insightful advice from experienced professionals without unnecessary add -on charges. The fees provided below have been reduced from the originally quoted fees provided on July 25, 2022. Village of Deerfield - pricing sheet Audit services - annual not to exceed the amount Fiscal year ending 12.31.22 12.31.23 12.31.24 12.31.25 12.31.26 Financial statements $33,700 $35,722 $37,687 $39,571 $41,550 (ACFR) Single audit (if $5,700 $6,042 $6,374 $6,693 $7,028 required) * Annual Report for the $1,600 $1,696 $1,789 $1,878 $1,972 State of Illinois Comptroller TIF Compliance $1,200 $1,272 $1,342 $1,409 $1,479 Report (if required) GATACYEFR Report $1,400 $1,484 $1,566 $1,644 $1,726 Village Total $43,600 $46,216 $48,758 $57,795 $53,755 Deerfield Public $9,500 $10,070 $10,624 $11,155 $11,713 Library Audit TOTAL PROPOSAL $53,100 $56,286 $59,382 $62,350 $65,468 PRICE 1 VALUE FOR FEES Village of Glenview - pricing sheet Audit services - annual not to exceed the amount Fiscal year ending 12.31.22 12.31.23 12.31.24 12.31.25 12.31.26 Financial statements $53,400 $56,604 $59,717 $62,703 $65,838 (ACFR) Single audit (if $5,700 $6,042 $6,374 $6,693 $7,028 required) * Annual Report for the $1,600 $1,696 $1,789 $1,878 $1,972 State of Illinois Comptroller The Glen TIF $1,200 $1,272 $1,342 $1,409 $1,479 Compliance Report (if required) Waukegan -Golf TIF $1,200 $1,272 $1,342 $1,409 $1,479 Compliance Report GATACYEFR Report $1,400 $1,484 $1,566 $1,644 $1,726 TOTAL PROPOSAL $64,500 $68,370 $72,130 $75,736 $79,522 PRICE Village of Highland Park - pricing sheet Audit services - annual not to exceed the amount Fiscal year ending Financial statements (ACFR) ** Single audit (if required) * Annual Report for the State of Illinois Comptroller Ravinia TIF Compliance Report GATA CYEFR Report TOTALPROPOSAL PRICE 12.31.22 12.31.23 12.31.24 12.31.25 12.31.26 $51,000 $54,060 $57,033 $59,885 $62,879 $5,700 $6,042 $6,374 $6,693 $7,028 $1,600 $1,696 $1,789 $1,878 $1,972 $1,200 $1,272 $1,342 $1,409 $1,479 $1,400 $1,484 $1,566 $1,644 $1,726 $60,900 $64,554 $68,104 $71,509 $75,084 * The single audit fee assumes the testing of one major federal program or cluster. If additional major programs are required to be tested, we will discuss fees associated with the additional scope of services at that time. ** This fee includes the audit of the Highland Park Public Library. 2 VALUE FOR FEES Discounted fees for continued engagement with all three municipalities Consistent with our agreement for the previous five years, we are offering a 2% discount in our proposed fees if all three municipalities agree to the proposed five-year extension. If all three municipalities accept, the discounted fees would be as follows: Village of Deerfield - pricing sheet Audit services - annual not to exceed the amount Fiscal year ending 12.31.22 12.31.23 12.31.24 12.31.25 12.31.26 Financial statements $33,030 $35,012 $36,938 $38,785 $40,724 (ACFR) Single audit (if $5,590 $5,925 $6,251 $6,564 $6,892 required) * Annual Report for the $1,570 $1,664 $1,756 $1,844 $1,936 State of Illinois Comptroller TIF Compliance $1,180 $1,251 $1,320 $1,386 $1,455 Report (if required) GATA CYEFR Report $1,370 $1,452 $1,532 $1,609 $1,689 Village Total $42,740 $45,304 $47,797 $50,788 $52,696 Deerfield Public $9,310 $9,869 $10,412 $10,933 $11,480 Library Audit TOTAL PROPOSAL $52,050 $55,173 $58,209 $61,121 $64,176 PRICE 3 Village of Glenview - pricing sheet Audit services - annual not to exceed the amount Fiscal year ending Financial statements (ACFR) Single audit (if required) * Annual Report for the State of Illinois Comptroller The Glen TIF Compliance Report (if required) Waukegan -Golf TIF Compliance Report GATA CYEFR Report TOTALPROPOSAL PRICE VALUE FOR FEES 12.31.22 12.31.23 12.31.24 12.31.25 12.31.26 $52,330 $55,470 $58,521 $61,447 $64,519 $5,590 $5,925 $6,251 $6,564 $6,892 $1,570 $1,664 $1,756 $1,844 $1,936 $1,180 $1,251 $1,320 $1,386 $1,455 $1,180 $1,251 $1,320 $1,386 $1,455 $1,370 $1,452 $1,532 $1,609 $1,689 $63,220 $67,013 $70,700 $74,236 $77,946 Village of Highland Park - pricing sheet Audit services - annual not to exceed the amount Fiscal year ending 12.31.22 12.31.23 12.31.24 12.31.25 12.31.26 Financial statements $49,980 $52,979 $55,893 $58,688 $61,622 (ACFR) ** Single audit (if $5,590 $5,925 $6,251 $6,564 $6,892 required) * Annual Report for the $1,570 $1,664 $1,756 $1,844 $1,936 State of Illinois Comptroller Ravinia TIF $1,180 $1,251 $1,320 $1,386 $1,455 Compliance Report GATACYEFR Report $1,370 $1,452 $1,532 $1,609 $1,689 TOTAL PROPOSAL $59,690 $63,271 $66,752 $70,091 $73,594 PRICE Avoiding surprises and a nickel-and-dime billing approach Routine phone calls, emails and quick consultations are included in the Municipalities' fee estimate. We do not believe in billing for every question, comment or concern, and we encourage you to discuss any unusual transactions with us to gain efficiencies for year-end. 4 VALUE FOR FEES If an issue arises, your engagement team members will work with you to determine what assistance is required and arrange an appropriate fee at that time. We will always tell you if the assistance you need is out of scope, and we never perform additional work without approval. Detailing our assumptions Our estimate is based on the below assumptions. Should any of these change during the engagement, we will contact the Municipalities immediately and prepare a change order detailing the new requirements and corresponding budget impact. We will not perform additional work without the Municipalities; approval. The engagement assumptions include: — Adequate support, preparedness and cooperation from the Municipalities' management — Organized books and records — Fees based on current advisory, tax and assurance standards — No major scope of organizational changes, including mergers or expansions into new markets Beginning in 2022, the municipalities are required to implement GASB Statement No. 87, Leases. The amount of time and effort necessary to implement and audit this standard is contingent upon the complexity of the leases into which the municipalities have entered. In the event that the municipalities require assistance in reviewing lease documents and implementing the provisions of this standard, a separate quote for these services will be prepared and discussed at that time. 5 VALUF FOR FEES Supporting you with our value -for -fees approach We will provide the highest quality service for a fair and reasonable fee. Below is an overview of our value -for -fees approach and how it benefits you. A team that works with a similar client base and is ready to lead a smooth and beneficial transition Support from the full breadth and depth of Baker Tilly's resources Frequent check -ins and timely responses to your inquiries Practical, flexible and collaborative approach designed for your unique needs Controlled costs through a service approach designed for your organization; no surprise billing or add -on charges Full range of service solutions to grow with your needs 9 o o = Knowledge retention through a commitment to staff continuity Use of innovative technology and software tools to support real-time communication, efficiencies and compliance Proactive ideas and insight shared year-round via complimentary articles, toolkits, webinars, e-books, alerts, whitepapers and newsletters High level of experienced partner and manager involvement for a big -picture perspective COMMITMENT TO VALUE FOR FEES The Municipalities can expect exceptional service paired with a fair, competitive fee arrangement that allows us to deliver continuous value throughout our relationship. TO: Kent Street, Village Manager FROM: Eric Burk, Director of Finance DATE: August 31, 2022 SUBJECT: Auditor Engagement — Baker Tilly The Village selected Baker Tilly to provide audit services in 2017. The 5-year contract expired with the audit of the financial statements for the year ending December 31, 2021. The Village requested an extension quote from Baker Tilly in conjunction with Highland Park and Glenview. Each entity received separate bids and was able to make an independent decision. However, if all three entities renew their contract Baker Tilly is offering a 2% discount. Baker Tilly proposed conducting Deerfield's annual audit and other required reports (if needed) along with the Deerfield Public Library audit (billed separately) at the annual not to exceed fee as shown in Table 1 below. A detail breakdown of fees is included in the REVISED quote for a five-year audit extension. 12/31 /2022 1 12/31 /2023 $53,100 1$56,286 Table 1 12/31 /2024 12/31 /2025 $59,382 $62.350 12/31/2026 Total $65,468 $296,586 Baker Tilly has a dedicated group of Governmental Auditors and additional staff sufficient to meet the Village's accounting and auditing needs. Their partners and managers work closely with GFOA, IGFOA and the Illinois CPA society. An audit services agreement is attached along with a resolution authorizing its acceptance. I recommend you seek Board approval of it. (0 bakertitly Baker Tilly US, LLP 1301 W 22nd St, Ste 400 Oak Brook, IL 60523-3389 United States of America T: +1 (630) 990 3131 F: +1 (630) 990 0039 bakertilly.com December 21, 2022 Mr. Eric Burk Director of Finance/Treasurer Village of Deerfield 850 Waukegan Road Deerfield, Illinois 60015 Dear Mr. Burk: Thank you for using Baker Tilly US, LLP (Baker Tilly, we, our) as your auditors. The purpose of this letter (the Engagement Letter) is to confirm our understanding of the terms and objectives of our engagement and the nature of the services we will provide as independent accountants of the Village of Deerfield (Client, you, your). Service and Related Report We will audit the basic financial statements of the Village of Deerfield as of and for the year ended December 31, 2022, and the related notes to the financial statements. Upon completion of our audit, we will provide the Village of Deerfield with our audit report on the financial statements and supplemental information referred to below. If, for any reasons caused by or relating to the affairs or management of the Village of Deerfield, we are unable to complete the audit or are unable to or have not formed an opinion, or if we determine in our professional judgment the circumstances necessitate, we may withdraw and decline to issue a report as a result of this engagement. In order to perform the professional services outlined in this Engagement Letter, Baker Tilly requires access to information subject to Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Federal law requires Baker Tilly to execute a Business Associate Agreement (BA Agreement) prior to being granted this information. For your convenience, we have attached our firm standard BA Agreement for your review and signature as Addendum C. Please execute and return a copy with this Engagement Letter, keeping the original BA Agreement on file with your HIPAA compliance records. Baker Tilly US, LLP, trading as Baker Tilly, is a member of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. © 2020 Baker Tilly US, LLP Mr. Eric Burk Village of Deerfield December 21, 2022 Page 2 The following supplementary information accompanying the financial statements will also be subjected to the auditing procedures applied in our audit of the financial statements and certain additional procedures, including comparing and reconciling such information directly to the underlying accounting and other records used to prepare the financial statements or to the financial statements themselves, and other additional procedures in accordance with auditing standards generally accepted in the United States of America, and our auditor's report will provide an opinion on it in relation to the financial statements as a whole. > Combining and Individual Fund Financial Statements and Schedules > Supplemental Data The following supplementary information will also be subjected to the auditing procedures applied in our audit of the financial statements and certain additional procedures, including comparing and reconciling such information directly to the underlying accounting and other records used to prepare the financial statements or to the financial statements themselves, and other additional procedures in accordance with auditing standards generally accepted in the United States of America, and our auditor's report will provide an opinion on it in relation to the financial statements as a whole. > Consolidated Year -End Financial Report Accounting standards generally accepted in the United States of America provide for certain required supplementary information (RSI), such as management's discussion and analysis, to supplement the Village of Deerfield's basic financial statements. Such information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board who considers it to be an essential part of financial reporting for placing the basic financial statements in an appropriate operational, economic or historical context. As part of our engagement, we will apply certain limited procedures to the Village of Deerfield's RSI in accordance with auditing standards generally accepted in the United States of America. These limited procedures will consist of inquiries of management regarding the methods of preparing the information and comparing the information for consistency with management's response to our inquiries, the basic financial statements, and other knowledge we obtained during our audit of the basic financial statements. We will not express an opinion or provide any assurance on the information because the limited procedures do not provide us with sufficient evidence to express an opinion or provide any assurance. The following RSI is required by generally accepted accounting principles and will be subjected to certain limited procedures, but will not be audited: > Management's Discussion and Analysis > Budget Comparison Schedules > OPEB - related schedules > Pension - related schedules We will read the following other information accompanying the financial statements to identify any material inconsistencies with the audited financial statements; however, the other information will not be subjected to the auditing procedures applied in our audit of the financial statements and our auditor's report will not provide an opinion or any assurance on that other information: > Introductory Section > Statistical Section Mr. Eric Burk Village of Deerfield December 21, 2022 Page 3 Our report does not include reporting on key audit matters. Our Responsibilities and Limitations The objective of a financial statement audit is the expression of an opinion on the financial statements. Standards require that we plan and perform our audit to obtain reasonable, rather than absolute, assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Reasonable assurance is a high level of assurance but is not absolute assurance and therefore is not a guarantee that an audit conducted in accordance with GAAS will always detect a material misstatement when it exists. A misstatement is considered material if there is a substantial likelihood that, individually or in the aggregate, it would influence the judgment made by a reasonable user based on the financial statements. The objective also includes reporting on: > Internal control related to the financial statements and compliance with laws, regulations and the provisions of contracts or grant agreements, noncompliance with which could have a direct and material effect on the financial statements in accordance with Government Auditing Standards. The Government Auditing Standards report on internal control over financial reporting and on compliance and other matters will include a paragraph that states (i) that the purpose of the report is solely to describe the scope of testing of internal control and compliance, and the results of that testing, and not to provide an opinion on the effectiveness of the entity's internal control or on compliance, and (ii) that the report is an integral part of an audit performed in accordance with Government Auditing Standards in considering the entity's internal control and compliance. The paragraph will also state that the report is not suitable for any other purpose. We will be responsible for performing the audit in accordance with auditing standards generally accepted in the United States of America (GARS) and the standards for financial audits contained in Government Auditing Standards, issued by the Comptroller General of the United States and will include tests of accounting records and other procedures we consider necessary to enable us to express such an opinion and to render the required reports. We will also provide a report (that does not include an opinion) on internal control related to the financial statements and compliance with laws, regulations and the provisions of grant agreements, noncompliance with which could have a material effect on the financial statements, as required by Government Auditing Standards. As part of an audit in accordance with GAAS, we exercise professional judgment and maintain professional skepticism throughout the audit. We will also: > Identify and assess the risks of material misstatement of the financial statements and supplemental information, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. > Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's internal control. However, we will communicate to you in writing concerning any significant deficiencies or material weaknesses in internal control relevant to the audit of the financial statements and supplemental information that we have identified during the audit. Mr. Eric Burk Village of Deerfield December 21, 2022 Page 4 > Evaluate the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluate the overall presentation of the financial statements and supplemental information, including the disclosures, and whether the financial statements and supplemental information represent the underlying transactions and events in a manner that achieves fair presentation. > Conclude, based on the audit evidence obtained, whether there are conditions or events, considered in the aggregate, that raise substantial doubt about the entity's ability to continue as a going concern for a reasonable period of time. Because of the inherent limitations of an audit, together with the inherent limitations of internal controls, an unavoidable risk that some material misstatements may not be detected exists, even though the audit is properly planned and performed in accordance with GAAS. Because the determination of abuse is subjective, Government Auditing Standards do not expect auditors to provide reasonable assurance of detecting abuse. Our audit will include examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements, assessing accounting principles used and significant estimates made by management, and evaluating the overall financial statement presentation. Our audit does not relieve management or those charged with governance of their responsibilities. Our audit is limited to the period covered by our audit and does not extend to any later periods during which we are not engaged as auditor. The audit will include obtaining an understanding of the Village of Deerfield and its environment, including internal controls, sufficient to assess the risks of material misstatement of the financial statements and to determine the nature, timing and extent of further audit procedures. An audit is not designed to provide assurance on internal control or to identify deficiencies in internal control. However, during the audit, we will communicate to management and those charged with governance internal control matters that are required to be communicated under professional standards. We will also inform you of any other matters involving internal control, if any, as required by Government Auditing Standards. Tests of controls may be performed to test the effectiveness of certain controls that we consider relevant to preventing and detecting errors and fraud that are material to the financial statements and to preventing and detecting misstatements resulting from illegal acts and other noncompliance matters that have a direct and material effect on the financial statements. Our tests, if performed, will be less in scope than would be necessary to render an opinion on internal control and, accordingly, no opinion will be expressed in our report on internal control issued pursuant to Government Auditing Standards. Also, if required by Government Auditing Standards, we will report known or likely fraud, illegal acts, violations of provisions of contracts or grant agreements, or abuse directly to parties outside of the Village of Deerfield. As part of obtaining reasonable assurance about whether the financial statements are free of material misstatement, we will perform tests of the Village of Deerfiield's compliance with the provisions of applicable laws, regulations, contracts and agreements, including grant agreements. However, the objective of those procedures will not be to provide an opinion on overall compliance and we will not express such an opinion in our report on compliance issued pursuant to Government Auditing Standards. Mr. Eric Burk Village of Deerfield December 21, 2022 Page 5 We are also responsible for determining that those charged with governance are informed about certain other matters related to the conduct of the audit, including (i) our responsibility under GARS, (ii) an overview of the planned scope and timing of the audit, and (iii) significant findings from the audit, which include (a) our views about the qualitative aspects of your significant accounting practices, accounting estimates, and financial statement disclosures; (b) difficulties encountered in performing the audit; (c) uncorrected misstatements and material corrected misstatements that were brought to the attention of management as a result of auditing procedures; and (d) other significant and relevant findings or issues (e.g., any disagreements with management about matters that could be significant to your financial statements or our report thereon, consultations with other independent accountants, issues discussed prior to our retention as independent auditors, fraud and illegal acts, and all significant deficiencies and material weaknesses identified during the audit). Lastly, we are responsible for ensuring that those charged with governance receive copies of certain written communications between us and management including written communications on accounting, auditing, internal controls or operational matters and representations that we are requesting from management. The audit will not be planned or conducted in contemplation of reliance of any specific third party or with respect to any specific transaction. Therefore, items of possible interest to a third party will not be specifically addressed and matters may exist that would be addressed differently by a third party, possibly in connection with a specific transaction. Management's Responsibilities You are responsible for identifying and ensuring that the entity complies with applicable laws, regulations, contracts, agreements, and grants and for taking timely and appropriate steps to remedy fraud and noncompliance with provisions of laws, regulations, contracts or grant agreements, or abuse that we report. Management is responsible for establishing and maintaining a process for tracking the status of audit findings and recommendations. Management is also responsible for identifying for us previous financial audits, attestation engagements, performance audits or other studies related to the objectives discussed above. This responsibility includes relaying to us corrective actions taken to address significant findings and recommendations resulting from those audits, attestation engagements, performance audits or studies. You are also responsible for providing management's views on our current findings, conclusions and recommendations, as well as your planned corrective actions for the report, and for the timing and format for providing that information. You are responsible for the preparation of the supplementary information in conformity with GAAP. You agree to include our report on the supplementary information in any document that contains, and indicates that we have reported on, the supplementary information. You also agree to include the audited financial statements with any presentation of the supplementary information that includes our report thereon. You further agree to make the audited financial statements readily available to users of the supplementary information no later than the date the supplementary information is issued with our report thereon. Your responsibilities include acknowledging to us in the representation letter that (a) you are responsible for presentation of the supplementary information in accordance with GAAP; (b) that you believe the supplementary information, including its form and content, is fairly presented in accordance with GAAP; (c) that the methods of measurement or presentation have not changed from those used in the prior period (or, if they have changed, the reasons for such changes); and (d) you have disclosed to us any significant assumptions or interpretations underlying the measurement or presentation of the supplementary information. Mr. Eric Burk Village of Deerfield December21, 2022 Page 6 Management is responsible for (i) adjusting the basic financial statements to correct material misstatements and for affirming to us in a management representation letter that the effects of any uncorrected misstatements aggregated by us during the current engagement and pertaining to the latest period under audit are immaterial, both individually and in the aggregate, to the basic financial statements taken as a whole, and (ii) notifying us of all material weaknesses, including other significant deficiencies, in the design or operation of your internal control over financial reporting that are reasonably likely to adversely affect your ability to record, process, summarize and report external financial data reliably in accordance with GAAP. Management is also responsible for identifying and ensuring that the Village of Deerfield complies with the laws and regulations applicable to its activities. As part of our audit process, we will request from management and, when appropriate, those charge with governance written confirmation concerning representations made to us in connection with the audit. Baker Tilly is not a municipal advisor as defined in Section 975 of the Dodd -Frank Wall Street Reform and Consumer Protection Act or under Section 15B of the Securities Exchange Act of 1934 (the Act). Baker Tilly is not recommending an action to the Village of Deerfield; is not acting as an advisor to you and does not owe a fiduciary duty pursuant to Section 15B of the Act to you with respect to the information and material contained in the deliverables issued under this engagement. Any municipal advisory services would only be performed by Baker Tilly Municipal Advisors LLC (BTMA) pursuant to a separate engagement letter between you and BTMA. You should discuss any information and material contained in the deliverables with any and all internal and external advisors and experts that you deem appropriate before acting on this information or material. Nonattest Services Prior to or as part of our audit engagement, it may be necessary for us to perform certain nonattest services. For purposes of this letter, nonattest services include services that Government Auditing Standards refers to as nonaudit services. Nonattest services that we will be providing are as follows: > Financial Statement Preparation > Adjusting and conversion journal entries, if necessary > Compiled regulatory reports, if prepared by auditor None of these nonattest services constitute an audit under generally accepted auditing standards including Government Auditing Standards. We will not perform any management functions or make management decisions on your behalf with respect to any nonattest services we provide. Mr. Eric Burk Village of Deerfield December21, 2022 Page 7 In connection with our performance of any nonattest services, you agree that you will: > Continue to make all management decisions and perform all management functions, including approving all journal entries and general ledger classifications when they are submitted to you. > Designate an employee with suitable skill, knowledge, and/or experience, preferably within senior management, to oversee the services we perform. > Evaluate the adequacy and results of the nonattest services we perform. > Accept responsibility for the results of our nonattest services. > Establish and maintain internal controls, including monitoring ongoing activities related to the nonattest function. On a periodic basis, as needed, we will meet with you to discuss your accounting records and the management implications of your financial statements. We will notify you, in writing, of any matters that we believe you should be aware of and will meet with you upon request. Other Documents If you intend to reproduce or publish the financial statements in an annual report or other information (excluding official statements) and make reference to our firm name in connection therewith, you agree to publish the financial statements in their entirety. In addition, you agree to provide us, for our approval and consent, proofs before printing and final materials before distribution. If you intend to reproduce or publish the financial statements in an official statement, unless we establish a separate agreement to be involved in the issuance, any official statements issued by the Village of Deerfield must contain a statement that Baker Tilly is not associated with the official statement, which shall read 'Baker Tilly US, LLP, our independent auditor, has not been engaged to perform and has not performed, since the date of its report included herein, any procedures on the financial statements addressed in that report. Baker Tilly US, LLP, has also not performed any procedures relating to this official statement." With regard to the electronic dissemination of audited financial statements, including financial statements published electronically on your Internet website, you understand that electronic sites are a means to distribute information and, therefore, we are not required to read the information contained in these sites or to consider the consistency of other information in the electronic site with the original document. We will provide copies of our reports to the Village of Deerfield, however, management is responsible for distribution of the reports and the financial statements. Copies of our reports are to be made available for public inspection unless restricted by law or regulation or if they contain privileged and confidential information. The documentation for this engagement, including the workpapers, is the property of Baker Tilly and constitutes confidential information. However, pursuant to authority given by law or regulation, we may be requested to make certain audit documentation available to federal or state agencies for purposes of a quality review of the audit, to resolve audit findings, or to carry out oversight responsibilities. We will notify you of any such request. If requested, access to such audit documentation will be provided under the supervision of Baker Tilly personnel. Furthermore, upon request, we may provide copies of selected audit documentation to the aforementioned parties. These parties may intend, or decide, to distribute the copies or information contained therein to others, including other governmental agencies. Mr. Eric Burk Village of Deerfield December 21, 2022 Page 8 We may have a responsibility to retain the documentation for a period of time sufficient to satisfy any applicable legal or regulatory requirements for records retention. Baker Tilly does not retain any original client records; so we will return such records to you at the completion of the services rendered under this engagement. When such records are returned to you, it is the Village of Deerfield's responsibility to retain and protect its accounting and other business records for future use, including potential review by any government or other regulatory agencies. By your signature below, you acknowledge and agree that, upon the expiration of the documentation retention period, Baker Tilly shall be free to destroy our workpapers related to this engagement. If we are required by law, regulation or professional standards to make certain documentation available to regulators, the Village of Deerfield hereby authorizes us to do so. Government Auditing Standards require that we provide you with a copy of our most recent external peer review report and any subsequent peer review reports received during the period of the contract. Our most recent peer review report accompanies this letter. Fees The fees associated with this engagement are as outlined in the First Amendment to Audit Services Agreement with Exhibits dated December 21, 2022. Other Matters Baker Tilly US, LLP, trading as Baker Tilly, is an independent member of Baker Tilly International. Baker Tilly International Limited is an English company. Baker Tilly International provides no professional services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. Baker Tilly US, LLP is not Baker Tilly International's agent and does not have the authority to bind Baker Tilly International or act on Baker Tilly International's behalf. None of Baker Tilly International, Baker Tilly US, LLP, nor any of the other member firms of Baker Tilly International has any liability for each other's acts or omissions. The name Baker Tilly and its associated logo is used under license from Baker Tilly International Limited. This Engagement Letter, the Audit Services Agreement with Exhibits dated December 4, 2017 and the First Amendment to Audit Services Agreement with Exhibits dated December 21, 2022 constitutes the entire agreement between the Village of Deerfield and Baker Tilly regarding the services described in this Engagement Letter and supersedes and incorporates all prior or contemporaneous representations, understandings or agreements, and may not be modified or amended except by an agreement in writing signed between the parties hereto. This Engagement Letter's provisions shall not be deemed modified or amended by the conduct of the parties. Mr. Eric Burk Village of Deerfield December 21, 2022 Page 9 We appreciate the opportunity to be of service to you. If there are any questions regarding this Engagement Letter, please contact Joe Lightcap, the firm director on this engagement who is responsible for the overall supervision and review of the engagement and determining that the engagement has been completed in accordance with professional standards. Joe Lightcap is available at (630) 645-6215, or at joe.lightcap@bakertilly.com. Sincerely, BAKER TILLY US, LLP Enclosures The services and terms as set forth in this Engagement Letter are agreed to by7 f Official's Name Official's Signa ure 1 J-fft,� d Title 212Z/y3 Date /( A1) MOSSADAMS Report on the Firm's System of Quality Control October 28, 2021 To the Partners of Baker Tilly US, LLP and the National Peer Review Committee We have reviewed the system of quality control for the accounting and auditing practice of Baker Tilly US, LLP (the firm) applicable to engagements not subject to PCAOB permanent inspection in effect for the year ended March 31, 2021. Our peer review was conducted in accordance with the Standards for Performing and Reporting on Peer Reviews established by the Peer Review Board of the American Institute of Certified Public Accountants (Standards). A summary of the nature, objectives, scope, limitations of, and the procedures performed in a System Review as described in the Standards may be found at www.aici)a.org/prsummary. The summary also includes an explanation of how engagements identified as not performed or reported in conformity with applicable professional standards, if any, are evaluated by a peer reviewer to determine a peer review rating. Firm's Responsibility The firm is responsible for designing a system of quality control and complying with it to provide the firm with reasonable assurance of performing and reporting in conformity with applicable professional standards in all material respects. The firm is also responsible for evaluating actions to promptly remediate engagements deemed as not performed or reported in conformity with professional standards, when appropriate, and for remediating weaknesses in its system of quality control, if any. Peer Reviewer's Responsibility Our responsibility is to express an opinion on the design of the system of quality control and the firm's compliance therewith based on our review. Required Selections and Considerations Engagements selected for review included engagements performed under Govemment Auditing Standards, including compliance audits under the Single Audit Act; audits of employee benefit plans; audits performed under FDICIA; audits of broker -dealers; and examinations of service organizations [SOC 10 and SOC 20 engagements]. As a part of our peer review, we considered reviews by regulatory entities as communicated by the firm, if applicable, in determining the nature and extent of our procedures. Opinion In our opinion, the system of quality control for the accounting and auditing practice of Baker Tilly US, LLP applicable to engagements not subject to PCAOB permanent inspection in effect for the year ended March 31, 2021, has been suitably designed and complied with to provide the firm with reasonable assurance of performing and reporting in conformity with applicable professional standards in all material respects. Firms can receive a rating of pass, pass with deficiencylies) or fail. Baker Tilly US, LLP has received a peer review rating of pass. BUSINESS ASSOCIATE AGREEMENT BETWEEN VILLAGE OF DEERFIELD and BAKER TILLY US, LLP THIS BUSINESS ASSOCIATE AGREEMENT (BA Agreement) replaces previous business associate agreements between Baker Tilly US, LLP (Business Associate) and Village of Deerfield (Covered Entity) (each a Party and collectively the Parties) and is effective on December 21, 2022 (Effective Date). I.PREAMBLE Covered Entity and Business Associate enter into this BA Agreement to comply with the requirements of: (i) the implementing regulations at 45 C.F.R Parts 160, 162 and 164 for the Administrative Simplification provisions of Title II, Subtitle F of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (i.e., the HIPAA Privacy, Security, Electronic Transaction, Breach Notification and Enforcement Rules the (Implementing Regulations)), (ii) the requirements of the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009 the (HITECH Act) that are applicable to business associates and (iii) the requirements of the final modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules as issued on January 25, 2013, and effective March 26, 2013, (75 Fed. Reg. 5566 (Jan. 25, 2013)) the (Final Regulations). The Implementing Regulations, the HITECH Act and the Final Regulations are collectively referred to in this BA Agreement as the "HIPAA Requirements." Covered Entity and Business Associate agree to incorporate into this BA Agreement any regulations issued by the U.S. Department of Health and Human Services (DHHS) with respect to the HIPAA Requirements that relate to the obligations of business associates and that are required to be (or should be) reflected in a business associate agreement. Business Associate recognizes and agrees that it is obligated by law to meet the applicable provisions of the HIPAA Requirements and that it has direct liability for any violations of the HIPAA Requirements. 2. DEFINITIONS (a) 'Breach" shall mean, as defined in 45 C.F.R. § 164.402, the acquisition, access, use or disclosure of Unsecured Protected Health Information in a manner not permitted by the HIPAA Requirements that compromises the security or privacy of that Protected Health Information. (b) 'Business Associate Subcontractor" shall mean, as defined in 45 C.F.R. § 160.103, any entity (including an agent) that creates, receives, maintains or transmits Protected Health Information on behalf of Business Associate. (c) "Electronic PHI" shall mean, as defined in 45 C.F.R. § 160.103, Protected Health Information that is transmitted or maintained in any Electronic Media. (d) "Limited Data Set' shall mean, as defined in 45 C.F.R. § 164.514(e), Protected Health Information that excludes the following direct identifiers of the individual or of relatives, employers or household members of the individual: (i) Names; (ii) Postal address information, other than town or city, State and zip code; (iii) Telephone numbers; (iv) Fax numbers; (v) Electronic mail addresses; (vi) Social security numbers; (vii) Medical record numbers; (viii) Health plan beneficiary numbers; (ix) Account numbers; (x) Certificate/license numbers; (xi) Vehicle identifiers and serial numbers, including license plate numbers; (xii) Device identifiers and serial numbers; (xiii) Web Universal Resource Locators (URLs); (xiv) Internet Protocol (IP) address numbers; (xv) Biometric identifiers, including finger and voice prints; and (xvi) Full face photographic images and any comparable images. (e) "Protected Health Information" or "PHI" shall mean, as defined in 45 C.F.R. § 160.103, information created or received by a Health Care Provider, Health Plan, employer or Health Care Clearinghouse, that (i) relates to the past, present or future physical or mental health or condition of an individual, provision of health care to the individual or the past, present or future payment for provision of health care to the individual, (ii) identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual and (iii) is transmitted or maintained in an electronic medium, or in any other form or medium. The use of the term "Protected Health Information" or "PHI" in this BA Agreement shall mean both Electronic PHI and Nonelectronic PHI, unless another meaning is clearly specified. (f) "Security Incident" shall mean, as defined in 45 C.F.R. § 164.304, the attempted or successful unauthorized access, use, disclosure, modification or destruction of information or interference with system operations in an information system. (g) "Unsecured Protected Health Information" shall mean, as defined in 45 C.F.R. § 164.402, Protected Health Information that is not rendered unusable, unreadable or indecipherable to unauthorized persons through the use of a technology or methodology specified by DHHS. (h) All other capitalized terms used in this BA Agreement shall have the meanings set forth in the applicable definitions under the HIPAA Requirements. 3. GENERAL TERMS (a) In the event of an inconsistency between the provisions of this BA Agreement and a mandatory term of the HIPAA Requirements (as these terms may be expressly amended from time to time by the DHHS or as a result of interpretations by DHHS, a court or another regulatory agency with authority over the Parties), the interpretation of DHHS, such court or regulatory agency shall prevail. In the event of a conflict among the interpretations of these entities, the conflict shall be resolved in accordance with rules of precedence. (b) Where provisions of this BA Agreement are different from those mandated by the HIPAA Requirements, but are nonetheless permitted by the HIPAA Requirements, the provisions of this BA Agreement shall control. (c) Except as expressly provided in the HIPAA Requirements or this BA Agreement, this BA Agreement does not create any rights in third parties. 4. SPECIFIC REQUIREMENTS (a) Flow -Down of Obligations to Business Associate Subcontractors. Business Associate agrees that as required by the HIPAA Requirements, Business Associate will enter into a written agreement with all Business Associate Subcontractors that: (i) requires them to comply with the Privacy and Security Rule provisions of this BA Agreement in the same manner as required of Business Associate and (ii) notifies such Business Associate Subcontractors that they will incur liability under the HIPAA Requirements for noncompliance with such provisions. Accordingly, Business Associate shall ensure that all Business Associate Subcontractors agree in writing to the same privacy and security restrictions, conditions and requirements that apply to Business Associate with respect to PHI. (b) Privacy of Protected Health Information (i) Permitted Uses and Disclosures of PHI. Business Associate agrees to create, receive, use, disclose, maintain or transmit PHI only in a manner that is consistent with this BA Agreement or the HIPAA Requirements and only in connection with providing the services to Covered Entity identified in the Engagement Letter and this BA Agreement. Accordingly, in providing services to or for the Covered Entity, Business Associate, for example, will be permitted to use and disclose PHI for "Treatment, Payment and Health Care Operations," as those terms are defined in the HIPAA Requirements. Business Associate further agrees that to the extent it is carrying out one or more of the Covered Entity's obligations under the Privacy Rule (Subpart E of 45 C.F.R. Part 164), it shall comply with the requirements of the Privacy Rule that apply to the Covered Entity in the performance of such obligations. (1) Business Associate shall report to Covered Entity any use or disclosure of PHI that is not provided for in this BA Agreement, including reporting Breaches of Unsecured Protected Health Information as required by 45 C.F.R. § 164.410 and required by Section 4(d)(ii) below. (2) Business Associate shall establish, implement and maintain appropriate safeguards and comply with the Security Standards (Subpart C of 45 C.F.R. Part 164) with respect to Electronic PHI, as necessary to prevent any use or disclosure of PHI other than as provided for by this BA Agreement. (ii) Business Associate Obligations. As permitted by the HIPAA Requirements, Business Associate also may use or disclose PHI received by the Business Associate in its capacity as a Business Associate to the Covered Entity for Business Associate's own operations if: (1) the use relates to: (1) the proper management and administration of the Business Associate or to carry out legal responsibilities of the Business Associate or (2) data aggregation services relating to the health care operations of the Covered Entity or (2) the disclosure of information received in such capacity will be made in connection with a function, responsibility or services to be performed by the Business Associate, and such disclosure is required by law or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will be held confidential and the person agrees to notify the Business Associate of any Breaches of confidentiality. (iii) Minimum Necessary Standard and Creation of Limited Data Set. Business Associate's use, disclosure or request of PHI shall utilize a Limited Data Set if practicable. Otherwise, in performing the functions and activities as specified in the Engagement Letter and this BA Agreement, Business Associate agrees to use, disclose or request only the minimum necessary PHI to accomplish the intended purpose of the use, disclosure or request. (iv) Access. In accordance with 45 C.F.R. § 164.524 of the HIPAA Requirements, Business Associate will make available to the Covered Entity (or as directed by the Covered Entity, to those individuals who are the subject of the PHI (or their designees)), their PHI in the Designated Record Set. Business Associate shall make such information available in an electronic format where directed by the Covered Entity. (v) Disclosure Accounting. Business Associate shall make available the information necessary to provide an accounting of disclosures of PHI as provided for in 45 C.F.R. § 164.528 of the HIPAA Requirements by making such information available to the Covered Entity or (at the direction of the Covered Entity) making such information available directly to the individual. (vi) Amendment. Business Associate shall make PHI in a Designated Record Set available for amendment and, as directed by the Covered Entity, incorporate any amendment to PHI in accordance with 45 C.F.R. § 164.526 of the HIPAA Requirements. (vii) Right to Request Restrictions on the Disclosure of PHI and Confidential Communications. If an individual submits a Request for Restriction or Request for Confidential Communications to the Business Associate, Business Associate and Covered Entity agree that Business Associate, on behalf of Covered Entity, will evaluate and respond to these requests according to Business Associate's own procedures for such requests. (viii) Return or Destruction of PHI. Upon the termination or expiration of the Engagement Letter or this BA Agreement, Business Associate agrees to return the PHI to Covered Entity, destroy the PHI (and retain no copies) or if Business Associate determines that return or destruction of the PHI is not feasible, (a) continue to extend the protections of this BA Agreement and of the HIPAA Requirements to the PHI and (b) limit any further uses and disclosures of the PHI to the purpose making return or destruction infeasible. (ix) Availability of Books and Records. Business Associate shall make available to DHHS or its agents the Business Associate's internal practices, books and records relating to the use and disclosure of PHI in connection with this BA Agreement. (x) Termination for Breach. (1) Business Associate agrees that Covered Entity shall have the right to terminate this BA Agreement or seek other remedies if Business Associate violates a material term of this BA Agreement. (2) Covered Entity agrees that Business Associate shall have the right to terminate this BA Agreement or seek other remedies if Covered Entity violates a material term of this BA Agreement. (c) Information and Security Standards (i) Business Associate will develop, document, implement, maintain and use appropriate Administrative, Technical and Physical Safeguards to preserve the Integrity, Confidentiality and Availability of, and to prevent nonpermitted use or disclosure of, Electronic PHI created or received for or from the Covered Entity. (ii) Business Associate agrees that with respect to Electronic PHI, these Safeguards, at a minimum, shall meet the requirements of the HIPAA Security Standards applicable to Business Associate. (iii) More specifically, to comply with the HIPAA Security Standards for Electronic PHI, Business Associate agrees that it shall: (1) Implement Administrative, Physical and Technical Safeguards consistent with (and as required by) the HIPAA Security Standards that reasonably protect the Confidentiality, Integrity and Availability of Electronic PHI that Business Associate creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate shall develop and implement policies and procedures that meet the documentation requirements as required by the HIPAA Requirements; (2) As also provided for in Section 4(a) above, ensure that any Business Associate Subcontractor agrees to implement reasonable and appropriate safeguards to protect the Electronic PHI; (3) Report to Covered Entity any unauthorized access, use, disclosure, modification or destruction of PHI (including Electronic PHI) not permitted by this BA Agreement, applicable law or permitted by Covered Entity in writing (Successful Security Incidents or Breaches) of which Business Associate becomes aware. Business Associate shall report such Successful Security Incidents or Breaches to Covered Entity as specified in Section 4(d)(iii)(1); (4) For Security Incidents that do not result in unauthorized access, use, disclosure, modification or destruction of PHI (including, for purposes of example and not for purposes of limitation, pings on Business Associate's firewall, port scans, attempts to log onto a system or enter a database with an invalid password or username, denial -of -service attacks that do not result in the system being taken off-line or malware such as worms or viruses) (Unsuccessful Security Incidents), aggregate the data and, upon the Covered Entity's written request, report to the Covered Entity in accordance with the reporting requirements identified in Section 4(d)(iii)(2); (5) Take all commercially reasonable steps to mitigate, to the extent practicable, any harmful effect that is known to Business Associate resulting from any unauthorized access, use, disclosure, modification or destruction of PHI; (6) Permit termination of this BA Agreement if the Covered Entity determines that Business Associate has violated a material term of this BA Agreement with respect to Business Associate's security obligations and Business Associate is unable to cure the violation; and (7) Upon Covered Entity's request, provide Covered Entity with access to and copies of documentation regarding Business Associate's safeguards for PHI and Electronic PHI. (d) Notice and Reporting Obligations of Business Associate (i) Notice of Noncompliance with the BA Agreement. Business Associate will notify Covered Entity within 30 calendar days after discovery, any unauthorized access, use, disclosure, modification or destruction of PHI (including any successful Security Incident) that is not permitted by this BA Agreement, by applicable law or permitted in writing by Covered Entity, whether such noncompliance is by (or at) Business Associate or by (or at) a Business Associate Subcontractor. (ii) Notice of Breach. Business Associate will notify Covered Entity following discovery and without unreasonable delay but in no event later than 30 calendar days following discovery, any Breach of Unsecured Protected Health Information, whether such Breach is by Business Associate or by Business Associate Subcontractor. (1) As provided for in 45 C.F.R. § 164.402, Business Associate recognizes and agrees that any acquisition, access, use or disclosure of PHI in a manner not permitted under the HIPAA Privacy Rule (Subpart E of 45 C.F.R. Part 164) is presumed to be a Breach. As such, Business Associate shall (i) notify Covered Entity of any nonpermitted acquisition, access, use or disclosure of PHI and (ii) assist Covered Entity in performing (or at Covered Entity's direction, perform) a risk assessment to determine if there is a low probability that the PHI has been compromised. (2) Business Associate shall cooperate with Covered Entity in meeting the Covered Entity's obligations under the HIPAA Requirements and any other security breach notification laws. Business Associate shall follow its notification to the Covered Entity with a report that meets the requirements outlined immediately below. (iii) Reporting Obligations. (1) For Successful Security Incidents and Breaches, Business Associate — without unreasonable delay and in no event later than 30 calendar days after Business Associate learns of such nonpermitted use or disclosure (whether at Business Associate or at Business Associate Subcontractor) — shall provide Covered Entity a report that will: a. Identify (if known) each individual whose Unsecured Protected Health Information has been or is reasonably believed by Business Associate to have been accessed, acquired or disclosed; b. Identify the nature of the nonpermitted access, use or disclosure including the date of the incident and the date of discovery; c. Identify the PHI accessed, used or disclosed (e.g., name; social security number; date of birth); d. Identify what corrective action Business Associate (or Business Associate Subcontractor) took or will take to prevent further nonpermitted accesses, uses or disclosures; e. Identify what Business Associate (or Business Associate Subcontractor) did or will do to mitigate any deleterious effect of the nonpermitted access, use or disclosure; and f. Provide such other information, including a written report, as the Covered Entity may reasonably request. (2) For Unsuccessful Security Incidents, Business Associate shall provide Covered Entity, upon its written request, a report that: a. identifies the categories of Unsuccessful Security Incidents as described in Section 4(c)(iii)(4), b. indicates whether Business Associate believes its (or its Business Associate Subcontractor's) current defensive security measures are adequate to address all Unsuccessful Security Incidents, given the scope and nature of such attempts and c. if the security measures are not adequate, the measures Business Associate (or Business Associate Subcontractor) will implement to address the security inadequacies. (iv) Termination. (1) Covered Entity and Business Associate each will have the right to terminate this BA Agreement if the other Party has engaged in a pattern of activity or practice that constitutes a material breach or violation of Business Associate's or the Covered Entity's respective obligations regarding PHI under this BA Agreement and, on notice of such material breach or violation from the Covered Entity or Business Associate, fails to take reasonable steps to cure the material breach or end the violation. (2) If Business Associate or Covered Entity fail to cure the material breach or end the violation after the other Party's notice, Covered Entity or Business Associate (as applicable) may terminate this BA Agreement by providing Business Associate or Covered Entity written notice of termination, stating the uncured material breach or violation that provides the basis for the termination and specifying the effective date of the termination. Such termination shall be effective 60 days from this termination notice. (v) Continuing Privacy and Security Obligations. Business Associate's and Covered Entity's obligation to protect the privacy and security of the PHI it created, received, maintained or transmitted in connection with services to be provided under the Engagement Letter and this BA Agreement will be continuous and survive termination, cancellation, expiration or other conclusion of this BA Agreement or the Engagement Letter. Business Associate's other obligations and rights, and Covered Entity's obligations and rights upon termination, cancellation, expiration or other conclusion of this BA Agreement, are those set forth in this BA Agreement and/or the Engagement Letter. IN WITNESS WHEREOF, the Parties have signed this BA Agreement on the dates indicated below. BAKER TILLY US, LLP Village of Deerfield By Pq 4- By Signa ure Si�gnna re Joseph M. Li htca Print Name Print Name Title Director Title Date Signed 12/21/22 Date Signed 7-k2-IZ3