Assurance Report on Internal Controls · Our teams of actuaries, pension specialists, investment...

Assurance Report on Internal Controls PS Administration Limited (trading as XPS Administration) (AAF 01/06 and ISAE 3000) for the period 1 April 2017 to 31 March 2018 November 2018



Contents

1. Managing Director’s Welcome 1

2. Corporate Philosophy 3

3. Report by Directors of PS Administration Limited 4

4. Structure of the XPS Pensions Group 5

5. XPS Administration Business Structure 6

6. Control Environment 8

7. Assurance Report by the Reporting Accountants 15

8. Summary of Control Objectives and Audit Findings 17

9. Control Procedures and Reporting Accountants’ Tests 19

10. Prospective Customer Disclaimer Letter 47


1. Managing Director’s Welcome

I am delighted to present this assurance report for PS Administration Limited (PSAL) (trading as XPS Administration).

XPS Pensions Group plc (formerly Xafinity plc) purchased PSAL in January 2018 and as a consequence we are now trading as XPS Administration, which also encapsulates the pension administration services previously provided by Xafinity prior to the merger.

As a combined business, XPS Administration has over 460 staff in 12 offices around the UK providing services to over 400 trust-based schemes covering some 650,000 members, and has become a leading provider of quality-led pensions administration services in the marketplace.

Scope of this report

This assurance report describes the control environment within which the business formerly known as PSAL operates.

PSAL provides client focused administration solutions for occupational pension schemes. Administration is our core business and we put the member first by focusing on accuracy and the member experience. The high quality, robustness and consistency of our administration services is widely recognised in the market. In March 2018, for the fourth time in 5 years, PSAL ranked first in the Professional Pensions’ survey of Third Party Administrators, coming top in every category against which providers were assessed. This serves to provide independent confirmation that we continue to provide high quality services to our existing clients, as we invest in our people, our technology and our process, to support our future growth and development.

We continuously strive to find ways of improving the level of service delivered to our clients. Our strategy has been to focus on ensuring the delivery of high quality administration services, combined with a commercial proposition that represents value for money. Pension Administration has become an increasingly complex occupation and whilst we have invested significantly in our technology and IT infrastructure over the past 5 years, it is our belief that it is the quality of our people, and the impact they have on the quality of interactions with pension scheme members, that represents our key differentiator.

In support of our requirement to manage a quality controlled administration business, we operate within a robust governance structure which ensures a clear flow of information and clear decision-making processes. This enables us to react swiftly to regulatory change and stay at the forefront of developments in the industry.


Annual audit 2017-18

The directors of PSAL appointed BDO LLP in 2006 to audit the operation of our procedures and controls in line with the AAF 01/06 requirements. This is the twelfth such annual report that we have published and it covers the period 1 April 2017 to 31 March 2018. It provides information and assurance to our clients and their auditors with regard to the controlled environment within which we operate.

This report has been produced in accordance with the principles established in ‘Assurance Reports on internal controls of service organisations made available to third parties’ issued as AAF 01/06 by the Institute of Chartered Accountants in England and Wales (‘AAF 01/06’) and the International Standard on Assurance Reporting 3000 (‘ISAE 3000’) issued by the International Auditing and Assurance Standards Board (‘IAASB’).

Our control procedures are described in section 10 of this report, together with the testing performed by our external auditors.

At the time of the audit there were 66 documented operating controls in place relating to the services provided by PSAL. Following their audit, BDO noted 2 exceptions during the period from 1 April 2017 to 31 March 2018. The first exception identified that access to one of our systems had not been removed for an individual who had left the organisation. In this case the individual had not accessed the system since leaving the company, we have other controls in place to minimise the risk of fraud, and the user’s access has now been removed. The second exception noted that an automatic failure notification for a systems interface had not been operational during the audit period, although no evidence was found that this affected any transactional work. In both cases other controls are in place to mitigate the risk. The findings have been reviewed and additional measures have been put in place to ensure that these controls operate correctly in future.

For specific details relating to the exceptions noted by BDO and the remedial action taken, please refer to controls 7.1b (v) and 7.2b(i) in Section 9. BDO have concluded that all other controls were suitably designed and operating effectively throughout the audit period.

David Watkins
Managing Director
XPS Administration


2. Corporate Philosophy

1. Mission and Corporate Values

XPS Pensions Group is committed to being the provider of choice in pension and employee benefit services.

As the only UK pension specialist listed on the FTSE we have the flexibility to not only think differently, but to act differently.

Our structure means that we make long term, transparent investment decisions that are for the good of our clients and their pension scheme members.

Solely focused on the UK pensions market we remain agile; able to react and innovate at pace with a perfect balance of scale and expertise. With no competing priorities or distractions it’s true to say that we are passionate about pensions. It’s all we do. Nothing else.

As the need to secure financial security in later life becomes increasingly important, XPS Pensions Group is changing the way that we think about pensions and the way that they are structured, managed, administered and delivered. We believe there is a better way.

Better schemes, information, technology and decisions. Better service expectations and ultimately, better financial outcomes for trustees, businesses and members.

We are committed to challenging the expectations of our industry, competitors, clients and especially ourselves.

Our clients trust us because we always put them first. We are reliable, we get things done, we simplify the complexity of the UK pensions market and we always do what we say we will.

We are committed to helping increase understanding, share knowledge, reduce risk, protect members, build long lasting relationships and reduce costs. We believe there is a better way.

2. Use of technology

XPS Pensions Group is at the forefront of pension administration in the development of both technology and processes. Clients and scheme members can access up to date information and functionality over the web using our software. We integrate technology with business process through Electronic Data Management (EDM) and workflow technology, delivering cost effective services to clients.

3. Quality and improvement

The continuous monitoring, review and improvement of processes is fundamental to XPS Pensions Group and the administration business and is carried out in a structured and controlled manner. Within the pensions administration business we have a structure, made up of a number of committees representing all areas of the administration business, which is responsible for delivering and managing technical development and training for our staff and top class administration for our clients.

PSAL is certified to the ISO 27001:2013 standard. This is audited twice a year by an independent certification body, LRQA.

Paul Cuff
Co-Chief Executive Officer


3. Report by Directors of PS Administration Limited

As directors we are responsible for the identification of control objectives relating to the provision of pension administration services, and the design, implementation and operation of controls to provide reasonable assurance that the control objectives are achieved.

In carrying out those responsibilities we have regard not only to the interests of clients but also to those of the owners of the business and the general effectiveness and efficiency of the relevant operations.

The accompanying description has been prepared for clients to whom we provide pension administration services and their auditors who have a sufficient understanding to consider the description, along with other information including information about controls operated by clients themselves, when assessing the risks of material misstatements of clients’ financial statements.

We have evaluated the fairness of the description and the design suitability in accordance with the principles established in ‘Assurance Reports on internal controls of service organisations made available to third parties’ issued as AAF 01/06 by the Institute of Chartered Accountants in England and Wales (‘AAF 01/06’) and the International Standard on Assurance Reporting 3000 (‘ISAE 3000’) issued by the International Auditing and Assurance Standards Board (‘IAASB’).

We confirm that:

a. The accompanying description at pages 5 to 14 and 17 to 46 fairly represents PSAL’s pension administration services from 1 April 2017 to 31 March 2018. In addition to the control objectives specified in AAF 01/06, the criteria used in making this assertion were that the accompanying description:

i. Presents how the services were designed and implemented, including:

• The types of services provided and, as appropriate, the nature of transactions processed.

• The procedures, both automated and manual, by which client transactions were initiated, recorded and processed; the accounting records and related data that was maintained, reported and corrected as necessary.

• The system which captured and addressed significant events and conditions, other than client transactions.

• The components of the information systems supporting the relevant transactions that protected the confidentiality, integrity and availability of data.

• Other aspects of our control environment, risk assessment process, monitoring, and information and communication systems that were relevant to our control activities.

ii. Does not omit or distort information relevant to the scope of the services being described, while acknowledging that the description is prepared to meet the common needs of a broad range of clients and their auditors and may not, therefore, include every aspect of the services that each individual client may consider important in its own particular environment.

b. The controls related to the control objectives stated in the accompanying description were suitably designed as at 1 April 2017. The criteria used in making this assertion were that:

i. The risks that threatened achievement of the control objectives stated in the description were identified.

ii. The identified controls would, if operated as described, provide reasonable assurance that those risks did not prevent the stated control objectives from being achieved.

David Watkins
Managing Director

Signed on behalf of the PS Administration Limited Board of Directors
November 2018


4. Structure of the XPS Pensions Group

The XPS Pensions Group was established following the purchase of three Punter Southall businesses by Xafinity PLC and the sale of one Xafinity PLC business to the Punter Southall Group in January 2018. XPS Pensions Group is a UK specialist in pensions actuarial, consulting and administration, providing a wide range of advisory and compliance services to over 1,200 pension scheme clients. We work with the trustees and sponsoring employers of UK pension schemes to deliver better outcomes for both them and their members.

The Group is the largest pure pension consultancy and the only listed pension specialist in the UK market. Our teams of actuaries, pension specialists, investment consultants and administrators are dedicated to delivering excellence in customer service, clear advice and improved use of technology to facilitate effective decision-making by our clients and their pension scheme members.

The merged businesses forming the XPS Pensions Group increased revenues from £52m in 2017 to £66m in 2018, and continue to be widely recognised in the market for their high quality, robustness and consistency. XPS Administration now provides administration services to over 400 pension schemes with assets of over £72bn. Our client schemes range from 20 to 75,000 members, and in total we serve some 650,000 members.

The XPS Pensions Group comprises ‘sister’ subsidiaries, as shown in the following diagram, whose services complement and mutually benefit the rest of the Group.


5. XPS Administration Business Structure

XPS Administration provides client focused administration solutions for occupational pension schemes. Our merged administration business provides the full range of pension administration services to over 400 trust-based schemes from 12 offices around the UK, within a structured and quality controlled environment. Our team of around 460 pension administration staff provides services to a wide range of trust-based company pension schemes, including: defined benefit; defined contribution; career average revalued earnings (CARE) and hybrid schemes.

We seek to provide the highest levels of quality, and continuously strive to find ways of improving the level of service delivered to our clients. In March 2018 we were ranked first in Professional Pensions’ survey of Third Party Administrators, for the fourth time in 5 years, coming first in all 8 categories surveyed.

We use an individual scheme-based approach to administration, with one client team responsible for all aspects of our administration service. This ensures we focus on the needs of our clients and their scheme members, and that the quality controls we apply remain relevant and robust.

In support of our requirement to manage a quality controlled administration business we operate within a governance structure which ensures a clear flow of information and clear decision-making processes. This enables us to react swiftly to regulatory change and stay at the forefront of developments in the industry.


XPS Administration – Governance

Operations Manager Group

• Information exchange

• Delegated decision making

• Consistent approach to delivery

• Idea sharing & debate

• Continuous improvement initiatives

• Feedback to AOC

Admin Services Group

• Review & develop quality control framework

• Technical & process analysis of legislative change

• Maintains standard letters & process guidance

• Technical training framework

• Providing support to administration teams via the resolution of specific queries

• Issuing of technical guides, training & awareness

Business Services Group

• Development and support for business applications

• Management of new business transition projects

• Project support for client teams

• Management of internal business change projects

• Production of management reporting information

• Business interface with IT infrastructure

CMT / ACS

• Manage the commercial relationships for Administration only clients

• Interact with DB / DC Growth groups

• Ensure the CMT framework is applied for Full Service Contracts

• Work with the Client teams to deliver shared objectives

• Provide consultancy advice where appropriate

• Liaise / work with ASG

Risk Management Committee (RMC)

• Oversees risk management framework, including strategic risk

• Sets audit framework, both internal and external audits

• Oversees legal & regulatory framework

• Monitors compliance with legislation, regulation & internal policies

• Works with AOC & EXCO to ensure risks / issues raised & addressed

Administration Operations Committee (AOC)

• Responsible for the delivery of high quality services

• Constant oversight / intervention in relation to all aspects of delivery to clients

• Monitors resourcing levels and capacity planning

• Escalation of key business risks / issues to EXCO & RMC

• Staff development - via Training & Study Sub-Committee

• Operational efficiency initiatives - via Efficiency Sub-Committee

• Monitors the delivery of agreed SLAs & agrees intervention actions

• Oversees continued compliance with legislation & regulation

XPS Administration Executive Committee (Admin EXCO)

• Sets business direction

• Key decision making

• Delivery of strategy, sets & monitors budgets & KPIs

• Approvals - resourcing decisions, all budget spending, changes to T&Cs

• Enforces continued compliance with legislation & regulations

• Agrees policy & considers response to risk & compliance issues

Information Security Steering Committee (ISSC)

• Oversight of the ISO accreditation audit, review, decision making

XPS Administration Executive Board

• To replace PS Administration Board meetings

• Oversight

• Business governance

• Strategic review / direction

• Business development / Investment decisions


6. Control Environment

The directors of XPS Pensions Group are committed to deploying a strong control environment throughout the company. This control environment for pension administration services is achieved through the following measures.

6.1 Risk Management

An effective Risk Management culture has been embedded throughout the organisation with strong leadership and direction from Executive Management to ensure the reputations of clients and the company remain secure.

Following the combining of the former Xafinity and PSAL administration businesses in January 2018, a new risk management structure has been implemented across the administration business. The Administration Risk Management Committee, chaired by the Managing Director of PSAL, oversees the overall business risk strategy and reports to the XPS Executive Board. This Committee has implemented a risk management framework and risk policy to be used throughout the administration business. These, combined with an effective oversight and governance structure, ensure that the risks the organisation faces are identified in a timely manner and are effectively managed.

The Committee members have been drawn from all departments across the administration business. This committee meets quarterly and is responsible for the following areas relating to administration:

• Risk management and reporting

• Internal and external audits

• Internal control framework

• Fraud prevention

• Business continuity and disaster recovery

• Compliance with legislation

• Complaints and errors

• Data Protection and Information Security

• Training and development

• Contractual agreements.

6.2 Business Continuity

Business Continuity Management (BCM) is integral to the risk management strategy of PSAL. The primary objective of our BCM programme is to ensure that critical business functions and processes are prioritised and can be recovered within predetermined timeframes in response to a major operational disruption.

This ensures continuity of our core services and safeguards the interests of all our stakeholders. Our programme is aligned to ISO 22301 and industry good practice.

We have a Business Recovery Plan (BRP) that prioritises the recovery of critical processes and details the strategies and resources required to do so. This plan is updated at least annually, or sooner to reflect business change. The plan is accessible in paper form, held securely off-site by key personnel, as well as electronically via the company’s intranet. If any office is inaccessible for more than half a working day, our displacement strategy ensures that critical functions can either continue to work from a dedicated third party work area recovery site, be displaced to another office or work from home.

A Transitional Services Arrangement (TSA) is in place whilst the merged businesses come together, during which IT services continue to be provided by the Punter Southall Group (‘the Group’). The Group operates a primary and a DRaaS centre design with all critical systems and data replicated across both sites, ensuring that there are multiple copies of the data available. Other data is backed up to a geographically separate secure site. Critical systems and data are replicated from the primary site to the DR site, ensuring that in the unlikely event that the primary site is unavailable, these systems can rapidly be made available from the DR site. The systems across all sites are monitored on a constant basis to ensure they are operating as expected, with regular testing to ensure the procedures required to switch to the DR site are current and effective.

Business Recovery Plans are tested twice annually; once focusing on the IT Disaster Recovery elements and once focusing on a denial of access scenario impacting our offices. This approach ensures that the plans and data held within them are tested and validated on a regular basis. All-staff rapid notification tests are also carried out annually.

During the last 12 months we carried out a work area recovery test to test the Group displacement strategy in a denial of access scenario. In addition our BRP has been tested by a live incident in June 2018. These tests confirmed that our displacement strategy remains appropriate. A rolling programme of ongoing tests is planned for 2018 / 2019.

6.3 Information Security

Under the Transitional Services Agreement (TSA) we continue to be subject to the Information Security policies and controls operated by the Punter Southall Group during the transitional period.


Information Security is fundamental to the risk management strategy of the organisation and we take the protection of our information assets and those of our clients very seriously.

The Administration Risk Management Committee (RMC) has responsibility to the PSAL Board to ensure the Information Security framework is in place and working effectively. It is supported by the Information Security Steering Committee (ISSC). The ISSC is responsible for monitoring Information Security performance through regular meetings with the Punter Southall Group IT Services Director, and for ensuring that all IT systems and data handling are secured in line with current legislation, industry best practices and ISO 27001 standards governing information security, where appropriate.

PSAL has deployed its own Information Security Management System (ISMS) based on ISO 27001:2013. This is supported by a comprehensive suite of Information Security policies which provide staff with formal guidance on how we protect our information, along with an Annual Information Security and Data Protection Awareness training programme. The policies and the controls documented within the suite are mandatory for all staff. These policies are reviewed and updated at least annually and are approved by the Punter Southall Group Board.

As part of our internal audit programme, our controls and governance framework are audited throughout the year, including AAF 01/06 annual reviews. These controls and the ISMS are aligned to the ISO 27001 standard.

In January 2018, as part of the merger, a new ISMS was successfully implemented taking the new company structure into account. PSAL obtained ISO 27001:2013 certification in its own right, with the certification covering all of the original PSAL offices and clients.

The Punter Southall Group (whose Information Security controls have been formally adopted by PSAL during the transition to XPS Group) has a range of technical controls in place to protect its information assets, including next generation firewalls, Security Information and Event Management (SIEM) software, an Intrusion Protection System (IPS) and anti-virus software. The Group utilises Vulnerability Scanning Software to regularly check for weaknesses within its systems / applications. These scans are supported by additional independent Penetration Tests that are carried out by CHECK / CREST approved suppliers.

Information Security policies require that users must employ a complex password to access the Group’s systems and that they are forced to change their passwords at least every 90 days.

All Punter Southall Group computer systems are only accessible by authorised individuals. All users who require access to the Punter Southall Group information systems are assigned a set of unique credentials with access rights that will only allow them access to the information they need to carry out their job function. Access rights for users must be authorised by line managers and specialised technical privileges must be authorised by the IT Operations Manager. Access to client databases is further segregated via security groups and they are only accessible to those staff that work on the particular client. This access is reviewed quarterly.

Information Security Management Systems and policies are being reviewed as part of the merger. An updated Information Security structure and policies will be implemented by the end of the TSA period.

6.4 Third Party Management

Under the Transitional Services Agreement, PSAL’s third party suppliers are subject to the Punter Southall Group Third Party Management Policy. This ensures that all suppliers with physical or logical access to information classified as Private and Confidential are effectively managed. The policy ensures the following:

• Third parties are reviewed prior to any access to information being granted. Access is only allowed if they can demonstrate they comply with the standards required by the Punter Southall Group.

• Confidential information is protected when accessed, handled by, or transmitted to third parties.

• There is a standardised approach to identifying, communicating and managing risk introduced by third parties.

• Information Security incidents associated with third party access are identified and managed effectively.

Third Party Management procedures and policies are under review as part of the merger.

6.5 Training and Development Programme

PSAL services encompass a variety of different disciplines within the business. We offer full support to all our employees wishing to sit professional qualifications within their discipline. The majority of our administrators are either studying for, or have attained, professional qualifications established under the Pensions Management Institute.


We currently hold the IIP Accreditation ‘Silver Status’. The Silver status award requires organisations to demonstrate evidence against 115 individual requirements (76 more requirements than those needed to satisfy the conditions of the core IIP standard). IIP is about training and developing staff to enable the company to achieve its aims, visions, goals and strategy. This benefits both the individual and the company, ensuring that all employees are motivated and offered progressive career paths.

We operate a half yearly appraisal system, focusing on both personal and business development. This provides all employees with the chance to discuss development opportunities, agree training programmes and work towards clear objectives. To aid this process we have recently introduced a new performance management system, Actus, which enables employees to record, track and update performance objectives more easily.

The pension industry is subject to regular legislative changes and, in order to continue providing a high quality service to our clients, it is vital that all our employees are able to react to these changes. Our dedicated technical support teams, with representatives from each discipline, keep abreast of these developments and provide our employees with any training required.

In addition, all employees are required to participate in our mandatory online training programme to ensure they operate in accordance with legislative and Group standards. This programme includes Awareness of Bribery and Corruption, Anti-Money Laundering, Information Security and Data Protection training.

We have a Study and Training Committee in place to help develop and maintain the overall administration training and study support framework, ensuring it meets the needs of the business. This is achieved by developing sufficient technical and procedural expertise to support our quality structure and manage the risk of noncompliance with legislation; developing IT skills to assist efficiency; promoting and supporting the various professional qualifications and assisting with the personal development of our administration staff.

6.6 Compliance

Our Administration Services Group (ASG) is a central team that assesses the impact of legislative change to identify any issues which impact on our clients and administration processes. Any new compliance requirements and process changes are communicated via ‘eProcess Updates’ and ‘Admin Process Updates’, backed up by face-to-face discussions with our Administration Managers. ASG also maintains a comprehensive intranet site which is accessible to all administrators, providing a reference source for technical materials as well as procedural guidance, standard letter templates and checklists. All of this ensures compliant processes and a consistent quality of administration.

6.7 Management Information

Our administration corporate governance structure includes an Executive Committee and an Administration Operations Committee (AOC), which meet on a monthly basis to analyse key management information.

A management information pack is distributed to our management group for these meetings. It has been designed to capture management information on all aspects of the administration business.

The statistics provided cover the following:

• Team, client and location performance against Service Level Agreements

• The volumes of work experienced

• An age analysis for any work outstanding at the end of the reporting period

• Analysis of accuracy (at the point of checking / peer review)

• Critical DC processes such as investment and lifestyling processes, control checks

• Financial and staffing information

• Client banking information

• Feedback from member questionnaires received

• A trend analysis covering the prior three and twelve month periods

• An analysis of unresolved errors and complaints recorded.

This provides both our Administration Executive Committee and AOC with a powerful reporting tool that is used to identify any risks or issues, with a view to agreeing rectification measures. There is regular interaction between AOC and the Administration Risk Committee with representatives from Operations and Risk on both committees.

6.8 Information and Communication

We regularly report back to our clients on our performance against the agreed standards through an administration report which is prepared for each trustee meeting. This report includes details and commentary on various aspects of the running of their scheme, including the following:

• Financials; including contributions received and income and expenditure

• Trustees’ discretions exercised during period

• Membership statistics

• Service level reports

• Compliance with legislation

• Member satisfaction questionnaires

• Developments / changes within PSAL.

This report has been specifically designed to assist the trustees with meeting their governance requirements in accordance with legislation and the Pensions Regulator’s guidance.

6.9 Administration Technology

We are constantly evaluating and reviewing our administration systems and infrastructure and have introduced a number of significant improvements over the past few years.

PenScope

The platform we use to support our administration service is PenScope. This system was originally developed in-house and in 2009 we entered into an outsourcing contract with the pension software and transition management company, ITM. Accordingly, ITM now own the rights to PenScope and provide support and further development to us under contract.

We have made, and continue to make, a significant contribution in the development of the PenScope administration system, to ensure that it represents leading edge technology, and that it fully supports our focus on quality, accuracy and efficiency.

The main features of PenScope are:

• It is designed based on extensive experience of final salary, money purchase, hybrid, cash balance and CARE schemes.

• It is a browser based application with a zero client install.

• The application database is run on the industry standard MS SQL Server ensuring flexible access to the database content.

• A Microsoft .NET framework provides a centralised and well managed calculation engine coded in the widely used VB.NET programming language.

• Web Services enabling integration routes for third party products and our own member web-access offering

Member web-access (MyPension.com)

Over the past year we have continued to roll out MyPension.com to a number of our clients, which has enabled them in turn to offer their members online access to the member details we hold on our administration system (PenScope). Trustee access to scheme membership data is also supported via MyPension.com.

Over the last year we have also embarked on a redesign of the platform with a focus on improved client access, through the introduction of responsive design technologies and greater self-service. Phased roll-out to our clients is currently underway.

Some current features for defined benefit schemes include:

• Access for active, deferred and pensioner members to personal details.

• Members can view and amend contact and ‘expression of wish’ details.

• Members can post enquiries directly to their administration team with the enquiries falling directly into our Business Process Management (BPM) system.

• Where calculations are automated on PenScope members can perform online calculations and receive immediate online quotations.

• Members can view their personal documents e.g. benefit statements, leaver statements and e-payslips.

• Members can view scheme documents e.g. booklets and forms.

• Client (pensions manager or trustee) access with ability to search and view member records.

• Design (logos and colour scheme) can be tailored to match clients’ corporate branding.

In addition to the above, features for defined contribution schemes include:

• Members can view their latest fund values.

• Request changes to their fund choices and contribution rates.

• Access a new DC Modeller to run pension projections.

• Multi-platform access including browsers, tablet and smart phone.

[Image: MyPension.com]

Alfresco

Alfresco is our converged Electronic Content Management (ECM) and Business Process Management (BPM) system used to create efficient, connected processes that present member and scheme documents to all our administration teams in a single browser interface. By utilising its inbuilt functionality we are able to better manage and audit our administration processes as well as integrate with our administration and reporting systems.

Some of our current highlights include:

• The integration of a Central Member Database (CMDB). This is our master data source to client data pulled from our various administration systems and is used to accurately tag content with the most current, relevant and accurate personal member data.

• Dynamic in-flow checklists guiding administrators through the process and ensuring benefits are accurate and compliant.

• Integration with our reporting systems allowing us to report historical and current work item status and Service Level Agreement counters.

CashFac – Virtual Banking Technology

CashFac is virtual banking software introduced to support our accounting and treasury services allowing us to adopt full electronic banking and payment functionality. CashFac links to our banking partners to deliver up to date transactional information by 8am each day. Thus we have removed the risks associated with paper based cashiering processes and made significant efficiency gains.

CashFac enables the following:

• Automated payments including BACS, CHAPS and SWIFT.

• Consistent control of all cash management regardless of bank.

• Automatic daily bank account reconciliation.

• Secure, distributed and tailored user access to scheme bank accounts and cash analysis across multiple locations.

• Simultaneous payment and cash analysis in multiple currencies.

• An online audit trail for all transactions and events.

• Tailored reporting based on business criteria.

• Automatic Transaction Matching and Allocation suggests matches for receipts that lack reference data for automated matching.

• Integration with Alfresco to allow one click retrieval of supporting transaction documents.

Over 90% of our clients to whom we provide client banking services have now moved over to CashFac, enabling greater control and security on the service we provide.

NGA HR Payroll Software

All of our client payrolls are managed by our central specialist pension payroll team who are based in our Newcastle office.

The PS Enterprise application used by our payroll team is a proven and comprehensive system that has been engineered to provide key users with all the flexibility and functionality that they require to enable them to carry out their day to day activities effectively and efficiently. It also enables those users to utilise powerful analytical and reporting tools to allow them to analyse and distribute information in real time. PS Enterprise is scalable so as to accommodate many thousands of employees / pensioners. Robust security and comprehensive audit features also ensure the integrity of the solution – all historical information is available on-line at all times.

Currently we have integration in place that:

• Integrates payroll records added and amended within our CMDB.

• Automates the New Starter processes by adding retirements processed on PenScope automatically to the Payroll.

• Automatically publishes pensioner payslips to our member online web portal (MyPension.com).

Altus Investment Gateway and Straight Through Processing

We have introduced the Altus Investment Gateway (AIG) into our technology framework to enable ‘Straight Through Processing’ (STP) for both Defined Benefit (DB) and Defined Contribution (DC) investments wherever possible. STP is the end to end management of investment transactions, utilising technology and automated system controls, to minimise manual intervention and therefore to reduce risks.

With PenScope and the AIG fully integrated, we can now load client-generated contribution files directly into PenScope, where they are validated and approved, and investment instructions are securely passed to the AIG. Once received by the AIG, the deal is completed: order messages are sent to the fund managers, and confirmations and prices are passed back into the Gateway from the fund managers (both utilising the Via Nova standard). Confirmations, prices and holdings, along with transaction data and reports, are passed directly back into PenScope, where member records are updated and fund / unit reconciliation can be completed.

Profund Aviary

Profund Aviary is an innovative accounting solution created specifically for occupational pension schemes and third-party administrators. The system is designed to turn data into management intelligence with the minimum of time and effort through the use of automation and the ‘Key Once’ philosophy. It was purposely designed to meet the unique demands created by members and investments, rather than suppliers and income as in a conventional ledger. Additionally the integrated report and accounts production tool, Aviary Draft Accounts Reporting (ADAR), provides simplified production of compliant Pension Scheme Reports and Accounts.

Profund Aviary is a best of breed accounting application and is used by more than 1,500 schemes, ranging in size and complexity, to manage their pension scheme accounts.

PS Planner

Our multimedia DC projection tool offers the following benefits for scheme members:

• Fully interactive modelling of DC pension projection, consistent with our SMPI approach.

• The ability to see the effect of changing investment strategy, contributions, retirement age, and pension options.

• Full graphical reports that can be downloaded and printed.

• The ability to access the tool from work or home.

Pensions Online Documents (POD)

We have developed a secure online document storage facility that allows our clients to store scheme documents and access them remotely via the internet for viewing and / or printing. We currently have a number of clients across the business which have sites set up to access this facility.

It can also be used for posting papers for discussion (at meetings and conference calls) and provides an excellent archive of historic documents. This enables trustees to easily access the most up to date version of documents, whilst also being able to access historic documents if required.

Future Technology Developments

As with the enhancements listed above, future developments will be evaluated on the basis of clear business benefits, ranging from risk reduction for ourselves and for our clients to the achievement of greater efficiencies via the intelligent use of technology. We will not step away from our fundamental belief that quality administration requires quality people, and not simply investment in technology.

Our systems development roadmap includes the provision of an enhanced web proposition for clients.

[Image: POD]

The planned enhancements are:

• The replacement of PS Planner with a DC Modeller and DB Modeller embedded directly into MyPension.com enabling direct member record data-feeds and scheme specific customisation.

• Client (pensions manager or trustee) access to our workflow system to view member casework in progress and / or produce standard reports.

• The migration of our current payroll solution to the NGAHR ResourceLink platform.

• The introduction of ePortal, a web facing service allowing clients to securely post HR interface files that will be applied to our Administration platform in real-time.

• The integration of a Cloud hosted calculation engine with PenScope in order to process a variety of Cash Equivalent Transfer Values (CETV) and Value Based Calculations (VBC).

6.10 Client Control Considerations

The control procedures relating to pension administration activities cover only a portion of the overall internal control structure of each client account (together termed ‘User Entities’). Each client must evaluate the control procedures detailed below in conjunction with the controls in existence at their own organisation.

This section highlights those control responsibilities that we believe should be present at each client and that we have considered when developing the control procedures described herein.

The controls described below are intended to address only those controls surrounding the interface and communication between each client and PSAL. Accordingly, this list does not purport to be, and is not, a complete listing of the controls which clients may need to have in place.

• Instructions and information provided to PSAL are in accordance with the provisions of the agreement governing the account or other applicable agreements between PSAL and the client.

• Timely written notification of changes to the client account objectives, guidelines or provisions of the governing agreement is made to PSAL.

• Timely review of reports provided by PSAL is performed by the client and written notice is provided of discrepancies, if any, with the client’s own records.

• Timely review of invoices for fees and of market values is performed, and written notice of discrepancies, if any, with appropriate client records is provided.

• Timely written notification of changes to individuals authorised to instruct PSAL regarding activities on behalf of the client, is made to PSAL.

7. Assurance Report by the Reporting Accountants

Reporting accountants’ assurance report on internal controls of PS Administration Limited

To the Directors of PS Administration Limited

Use of report

This report is made solely for the use of the directors, as a body, of PS Administration Ltd (‘PSAL’) and solely for the purpose of reporting on the internal controls of PSAL, in accordance with the terms of our engagement letter dated 23 February 2018.

Our work has been undertaken so that we might report to the directors those matters that we have agreed to state to them in this report and for no other purpose. Our report must not be recited or referred to in whole or in part in any other document nor made available, copied or recited to any other party, in any circumstances, without our express prior written permission.

To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the directors as a body, PSAL and the customers using PSAL’s services, for our work, for this report or for the opinions we have formed.

Subject matter

This report covers solely the internal controls of PSAL as described in our report for the period 1 April 2017 to 31 March 2018. Internal controls are processes designed to provide reasonable assurance regarding the level of control over customers’ assets and related transactions achieved by PSAL in the provision of pension administration services by PSAL.

Respective responsibilities

The directors’ responsibilities and assertions are set out at pages 3 to 4 of your report. Our responsibility is to form an independent conclusion, based on the work carried out in relation to the control procedures of PSAL’s pension administration function carried out at the offices of PSAL as described in PSAL’s Assertion, and report this to the directors of PSAL.

Criteria and scope

We conducted our engagement in accordance with International Standard on Assurance Engagements (Revised) (ISAE) 3000 and the Institute of Chartered Accountants in England and Wales Technical Release AAF 01/06.

The criteria against which the control procedures were evaluated are the internal control objectives developed for service organisations as set out within the Technical Release AAF 01/06 and identified by the directors as relevant control objectives relating to the level of control over customers’ assets and related transactions in the provision of pension administration services. Our work was based upon obtaining an understanding of the control procedures as described on pages 19 to 46 and evaluating Punter Southall Administration Limited’s assertions as described on pages 3 to 4 in the same report to obtain reasonable assurance so as to form our conclusion. Our work also included tests of specific control procedures, to obtain evidence about their design and implementation in meeting the related control objectives. The nature, timing and extent of the tests we applied are detailed on pages 19 to 46.

Our tests are related to PSAL as a whole rather than performed to meet the needs of any particular customer.

55 Baker Street London W1U 7EU Telephone: +44 (0)20 7486 5888 Facsimile: +44 (0)20 7487 3686 DX 9025 West End W1 Website: www.bdo.co.uk

BDO LLP Chartered Accountants

Inherent limitations

PSAL’s control procedures are designed to address specified control objectives and are subject to inherent limitations and, accordingly, errors or irregularities may occur and not be detected. Such control procedures cannot guarantee protection against (amongst other things) fraudulent collusion especially on the part of those holding positions of authority or trust. Furthermore, our conclusion is based on historical information and the projection of any information or conclusions in the attached report to any future periods would be inappropriate.

Opinion

Our opinion has been formed on the basis of the matters outlined in this report. The criteria we used in forming our opinion are those described in the management assertion set out on pages 5 to 6 of this report.

Notwithstanding the issues identified in the report in Section 9, in our opinion, in all material aspects:

(i) the accompanying report by the directors describes fairly the control procedures that relate to the control objectives referred to above which were in place throughout the period 1 April 2017 to 31 March 2018;

(ii) the control procedures described on pages 19 to 46 were suitably designed, implemented and tested such that there is reasonable, but not absolute, assurance that the specified control objectives would have been achieved if the described control procedures were complied with satisfactorily throughout the period 1 April 2017 to 31 March 2018; and

(iii) the controls that we tested were operating with sufficient effectiveness to provide reasonable assurance that the related control objectives stated in the description were achieved throughout the period 1 April 2017 to 31 March 2018.

BDO LLP Chartered Accountants

Date of Assurance Report: 19 September 2018

BDO LLP

8. Summary of Control Objectives and Audit Findings

Ref Control objectives Audit findings

1 Accepting clients

• Accounts are set up and administered in accordance with client agreements and applicable regulations.

• Complete and authorised client agreements are in place prior to starting administration.

• Pension schemes taken on are properly established in the systems in accordance with the scheme rules and individual elections.

Audit findings: No exceptions noted

2 Authorising and processing transactions

• Contributions to defined contribution plans, defined benefit schemes, or both, and transfers of members’ funds between investment options are processed accurately and in a timely manner.

• Benefits payable and transfer values are calculated in accordance with scheme rules and relevant legislation and are paid on a timely basis.

Audit findings: No exceptions noted

3 Maintaining financial and other records

• Member records consist of up to date and accurate information and are updated and reconciled regularly.

• Contributions and benefit payments are completely and accurately recorded in the proper period.

• Investment transactions, balances and related income are accurately recorded in the proper period.

• Scheme documents (deeds, policies, contracts, booklets etc.) are complete, up to date and securely held.

Audit findings: No exceptions noted

4 Safeguarding assets

• Member and scheme data is appropriately stored to ensure security and protection from unauthorised use.

• Cash is safeguarded and payments are suitably authorised and controlled.

Audit findings: No exceptions noted

5 Monitoring compliance

• Contributions are received in accordance with scheme rules and relevant legislation.

• Services provided to pension schemes are in line with service level agreements.

• Transaction errors are rectified promptly and clients treated fairly.

Audit findings: No exceptions noted

6 Reporting to clients

• Periodic reports to participants and scheme sponsors are accurate and complete and provided within required timescales.

• Annual reports and accounts are prepared in accordance with applicable law and regulations.

• Regulatory reports are made if necessary.

Audit findings: No exceptions noted

7 Information technology

7.1 Restricting access to systems and data

• Physical access to computer networks, equipment, storage media and program documentation is restricted to authorised individuals.

• Logical access to computer systems, programs, master data, transaction data and parameters, including access by administrators to applications, databases, systems and networks, is restricted to authorised individuals via information security tools and techniques.

• Segregation of incompatible duties is defined, implemented and enforced by logical security controls in accordance with job roles.

Audit findings: Exception noted

* Exception noted: From our sample of 5 leavers selected to test the removal of access, the Cashfac access had not been removed for one leaver. Through additional procedures performed, we noted that there had been no activity on the account after the user had left the organisation. Further, we note that the access of the user had been removed once management were notified.
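One way to automate the control tested here, as an added example that is not part of the report or of PSAL’s tooling: reconcile the HR leavers list against each application’s active user list and check the activity log for use after the leaving date, mirroring the additional procedure BDO performed. System names, user ids, dates and the log are constructed for the example.

```python
"""Leaver access reconciliation (added example; all data is constructed).

Flags accounts still active in a system after the owner's leaving date and
attaches any activity recorded on that account after departure.
"""
from dataclasses import dataclass, field
from datetime import date, datetime
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Leaver:
    """One row from the HR leavers list."""
    user_id: str
    left_on: date


@dataclass
class Finding:
    """An account that was still active in a system after its owner left."""
    user_id: str
    system: str
    left_on: date
    days_open: int                                   # leaving date to the as-of date
    post_leaving_activity: List[datetime] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # An open but dormant account is a control exception (the case in the
        # report); an account actually used after departure needs incident handling.
        return "high" if self.post_leaving_activity else "medium"


def reconcile_leaver_access(
    leavers: List[Leaver],
    active_accounts: Dict[str, Set[str]],            # system name -> active user ids
    activity_log: List[Tuple[str, str, datetime]],   # (system, user_id, event time)
    as_of: date,
) -> List[Finding]:
    """Return one Finding per (leaver, system) where access survived departure."""
    findings: List[Finding] = []
    for leaver in leavers:
        for system, users in active_accounts.items():
            if leaver.user_id not in users:
                continue                              # access correctly removed
            used_after = sorted(
                ts for sys_name, uid, ts in activity_log
                if sys_name == system and uid == leaver.user_id
                and ts.date() > leaver.left_on
            )
            findings.append(Finding(
                user_id=leaver.user_id,
                system=system,
                left_on=leaver.left_on,
                days_open=(as_of - leaver.left_on).days,
                post_leaving_activity=used_after,
            ))
    return findings


def summarise(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by severity for the management information pack."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def run_sample() -> List[Finding]:
    """Run the reconciliation over constructed data: five leavers (the report's
    sample size), two systems and a short activity log. Names and dates are made up."""
    leavers = [
        Leaver("u101", date(2017, 9, 30)),
        Leaver("u102", date(2017, 11, 15)),   # CashFac access never removed
        Leaver("u103", date(2018, 1, 12)),
        Leaver("u104", date(2018, 1, 31)),    # PenScope access not removed, and used
        Leaver("u105", date(2018, 2, 28)),
    ]
    active_accounts = {
        "CashFac": {"u102", "u200", "u201"},
        "PenScope": {"u104", "u200", "u202"},
    }
    activity_log = [
        ("CashFac", "u102", datetime(2017, 11, 10, 9, 5)),   # before leaving: fine
        ("CashFac", "u200", datetime(2018, 3, 1, 8, 15)),
        ("PenScope", "u104", datetime(2018, 2, 5, 14, 30)),  # after leaving: escalate
        ("PenScope", "u202", datetime(2018, 3, 20, 11, 0)),
    ]
    return reconcile_leaver_access(leavers, active_accounts, activity_log,
                                   as_of=date(2018, 3, 31))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.severity:6} {f.user_id} still active on {f.system} "
              f"{f.days_open} days after leaving; post-leaving events: "
              f"{len(f.post_leaving_activity)}")
    print(summarise(run_sample()))
```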

7.2 Providing integrity and resilience to the information processing environment, commensurate with the value of the information held, information processing performed and external threats

• IT processing is authorised and scheduled appropriately and exceptions are identified and resolved in a timely manner.

• Data transmissions between the service organisation and its counterparties are complete, accurate, timely and secure.

• Appropriate measures are implemented to counter the threat from malicious electronic attack (e.g. firewalls, anti-virus etc.).

• The physical IT equipment is maintained in a controlled environment.

Audit findings: Exception noted

* Exception noted: BDO noted that alerts for failures in data transmission between Altus and PenScope were not operational prior to 19 October 2017. However, BDO verified through inspection of documentation that this was remediated during the period. Through discussions held, BDO noted that errors in data transmission would be identified through a number of reconciliations performed, as highlighted in control 2.1.

7.3 Maintaining and developing systems hardware and software

• Development and implementation of new systems, applications and software, and changes to existing systems, applications and software, are authorised, tested, approved and implemented.

• Data migration or modification is authorised, tested and, once performed, reconciled back to the source data.

Audit findings: No exceptions noted

7.4 Recovering from processing interruptions

• Data and systems are backed up regularly, retained offsite and regularly tested for recoverability.

• IT hardware and software issues are monitored and resolved in a timely manner.

• Business and information systems recovery plans are documented, approved, tested and maintained.

Audit findings: No exceptions noted

7.5 Monitoring compliance

• Outsourced activities are properly managed and monitored.

Audit findings: No exceptions noted

9. Control Procedures and Reporting Accountants’ Tests

1. Accepting clients

Accounts are set up and administered in accordance with client agreements and applicable regulations.

Control activity and description BDO test procedures

1.1 Process: Due diligence checks, including Anti Money Laundering procedures, are completed as part of the initial client set up process. No appointment is accepted until the process is completed.

An Anti-Money Laundering Verification form is completed by the Client Manager and forwarded to PSAL’s compliance department.

Control: PSAL’s Compliance Department maintains a central database to record that verification forms have been completed for all new clients prior to the commencement of the contract.

BDO test procedures: Verified through the inspection of documentation that PSAL’s Compliance Department maintained a central database to record that verification forms had been completed for all new clients prior to the commencement of the contract.

For the sample of new clients selected, verified through the inspection of documentation that due diligence checks, including AML procedures had been completed as part of the initial client set up process. No appointments were accepted until the process had been completed.

No exceptions noted.

1.2 Process: Following appointment a ‘handover period’ is agreed with a date when full administration will commence.

All scheme data and documentation is requested from the current administrator. A standard data request form is used to ensure that all relevant data and information is requested.

Control: When information is received a basic check is conducted by the Client Team or BSG (Business Support Group) to ensure that the correct information / data has been received.

Items received are checked off against the data request form and the installation checklist by the Client Team.

BDO test procedures: For the sample of new schemes selected, verified through the inspection of documentation that when information is received, a check is conducted by the Client Team or BSG (where relevant) to ensure that the correct information / data had been received.

Verified through the inspection of documentation that items received are checked off against the data request form and the installation checklist by the Client Team.

No exceptions noted.

1.3 Process: Data received is verified, reviewed and loaded by the supervisor.

Control: Once the supervisor / client lead is satisfied that the data is complete and valid it is loaded on to the relevant systems. Completion of the transfer of data is evidenced by a formal sign off from the supervisor / client lead.

The migration to the relevant systems is confirmed by BSG once the system is released to live.

BDO test procedures: For the sample of schemes selected, verified through the inspection of documentation that once the supervisor / client lead was satisfied that the data was complete and valid, it was loaded on to the relevant systems. Completion of the transfer of data was evidenced by a formal sign off from the supervisor / client lead.

Further verified through the inspection of documentation that the migration to the relevant systems was confirmed by BSG once the system was released to live.

No exceptions noted.

1.4 Process: DC records are set up to mirror totals held by the previous administrator in accordance with individual elections.

Control: Totals are reconciled to the previous administrators’ totals for each investment fund, and individual records spot-checked by the supervisor. Any differences or anomalies are identified and corrective action is taken as necessary.

BDO test procedures: For the sample of schemes selected, verified through the inspection of documentation that the migration totals were reconciled to the totals held by the previous administrator and confirmed that where differences or anomalies were identified, these were investigated and corrected. The migration reconciliation was signed off by the administrator responsible and reviewed by their supervisor.

No exceptions noted.

1.5 Process: The BSG Team (where involved) along with the Client Team manage and monitor the client take on process.

Progress of the implementation is reported on according to the communication strategy agreed for the project.

Control: Any issues identified during the process are resolved with the previous administrator or the sponsoring employer.

Once all stages have been completed the project is closed off by the Project Manager or the Client Lead, where appropriate.

BDO test procedures: For the sample of schemes selected, verified through the inspection of documentation that any issues identified during the process are resolved with the previous administrator or the sponsoring employer.

Once all stages had been completed, the project was closed off by the Project Manager or the Client Lead, where appropriate.

No exceptions noted.

1.6 Process: An application to set up a new scheme bank account is completed by the administrator or cashier if required by the terms and conditions agreed with the client.

The application is signed by the trustees with a mandate granting signing rights to authorised signatories within PSAL.

Control: The cashier team will process payments in accordance with the bank mandate which has been authorised by the Trustees.

BDO test procedures: For the sample of schemes selected, verified through the inspection of documentation that the cashier team processed payments in accordance with the bank mandate which had been authorised by the Trustees.

No exceptions noted.

Complete and authorised client agreements are operative prior to initiating administration activity.

Control activity and description BDO test procedures

1.7 Process A tailored, client-specific administration agreement which includes an administration and data protection agreement is drawn up, reviewed and amended as required.

Control Work only commences once the appointment documentation has been acknowledged by the trustees in writing.

For the sample of new schemes selected, verified through the inspection of documentation that work only commenced once the appointment documentation had been acknowledged by the trustees in writing.

No exceptions noted.

Pension schemes taken on are properly established in the system in accordance with the scheme rules and individual elections.

Control activity and description BDO test procedures

1.8 Process The client team define the calculation requirements for the scheme and identify the automation methodology to be used – PenScope spreadsheet functionality or manual calculations.

Appropriate sections are set up on PenScope to reflect the scheme rules and individual elections.

Calculations are specified in accordance with the scheme rules.

Where PenScope automation is selected, ITM Ltd programme the calculations.

Control Calculations and automation methodology for each section to be coded are identified by the client team and signed off by the Client Lead. Approval for the calculations to be programmed is authorised by the Managing Director or such individuals who have delegated authority.

Calculation specifications for each section to be coded are created by the Client Team / BSG. These specifications are then signed off by the Client Lead or the Scheme Actuary (where specified by client).

A sample of calculations are manually recalculated in accordance with the scheme rules and checked by the supervisor to confirm that the results match.

ITM Ltd programme the calculations to the specifications and test cases provided. Once the Client Team / BSG have completed testing and resolved any issues with ITM Ltd, formal sign off is required before the calculations are released. Where manual or spreadsheet automation is to be provided calculations are set up in accordance with the calculation specifications and results are tested against test cases provided. The calculation methodology adopted is signed off by the Client Lead or the Scheme Actuary (where specified by client) before being released.

For the sample of schemes selected, verified through the inspection of systems and documentation that the client team defined the calculation requirements of the scheme and identified the automation methodology. Further, verified that appropriate sections of PenScope were set-up, tested to verify that they were operating in accordance with scheme rules, and authorised by the appropriate parties prior to go live.

For the sample of calculations selected, verified that manual recalculation occurred and were checked by the appropriate person to confirm that the results match.

Verified through the inspection of documentation that ITM Ltd had programmed the calculations, that these had been tested and signed off before implementation in the live environment.

For the sample of manual calculations selected, verified that the calculations were set up in accordance with the calculation specifications and that the calculation methodology was signed off by the appropriate person.

No exceptions noted.

2. Authorising and Processing Transactions

Contributions to defined contribution plans, defined benefit schemes, or both, and transfers of members’ funds between investment options are processed accurately and in a timely manner.

Control activity and description BDO test procedures

2.1 Process DC contributions are allocated in accordance with members’ choices as advised on client monthly schedules.

Investment instructions are sent to the investment manager. The investment manager sends a transaction note from which the system price is updated.

Where schemes are set up to enable Straight Through Processing (STP), investment instructions are sent electronically to the Investment Manager. Updated unit holdings and system prices are automatically received daily from the Investment Manager.

Control The total amount allocated is reconciled to the total on the client schedule by an administrator and signed off by the supervisor.

System units are reconciled to manager units monthly by an administrator and signed off by the supervisor. Unallocated balances are reviewed and investigated with remedial action being taken as necessary.

Straight Through Processing (STP) instructions are checked and approved in the Altus Gateway by the Checker or Checker Manager. The status of electronic transactions is monitored by the administrator and supervisor.

For the sample of schemes selected, verified through the inspection of documentation that the total amount allocated was reconciled to the total on the client schedule by an administrator and signed off by the supervisor.

Furthermore, verified through the inspection of documentation that STP transactions were also reviewed and approved in the Altus Gateway by two separate people and the status of electronic transactions was monitored by the administrator and supervisor.

No exceptions noted.

2.2 Process Lifestyle switches are activated by the DC admin system.

Instructions to disinvest and invest member and lifestyle switches are sent to the investment managers.

Where schemes are set up to enable STP, investment instructions are sent electronically to the Investment Manager. Electronic success / failure confirmations from the Investment Manager are automatically sent back when processed.

Control The relevant checklist is completed by an administrator and signed off by the supervisor. Life styling is triggered in accordance with the life styling matrix.

System units for lifestyle switches are reconciled to manager units by an administrator and signed off. Any differences or anomalies are identified and corrective action is taken as necessary. STP instructions are checked and approved in the Altus Gateway by the Checker or Checker Manager. The status of electronic transactions is monitored by the administrator and supervisor.

For the sample of schemes selected, verified through the inspection of documentation and enquiry that lifestyle switches were activated by the DC admin system. The lifestyle switches were executed in accordance with the life styling matrix and a checklist was signed off by the administrator and the approver.

System units for lifestyle switches were reconciled to manager units by the administrator and signed off with differences or anomalies investigated and corrected if necessary.

For the sample of schemes selected, verified through the inspection of documentation that the STP instructions in the Altus gateway were reviewed and approved by the checker and checker manager.

No exceptions noted.

2.3 Process DB contributions are received.

A cashflow forecast is completed by an administrator, checked and signed off in accordance with the specific procedure for each scheme by the supervisor.

Funds are invested / disinvested as per the cashflow results.

Control The cashflow forecast is checked and any errors are corrected before investment /disinvestment.

Where subsequent changes are required to allow for any cash movements between date of forecast and actual investment / disinvestment this must be clearly authorised by the supervisor.

Cashflow reports are issued to clients where agreed.

For the sample of schemes selected, verified through inspection of documentation that the cashflow forecasts were completed by an administrator, reviewed for accuracy and signed off by the supervisor. We note that for one of the selected schemes, a junior administrator rather than a supervisor had signed off the cashflow forecast for two months. We note however, that there had been no investment / disinvestment for these months. Further, the cashflow report sent to the client had been reviewed by the Head of Client Management before being sent out.

For the sample of schemes selected, verified through the inspection of documentation that the cashflow forecasts were reviewed for accuracy and any errors were corrected before investment / disinvestment.

No exceptions noted.

Benefits payable and transfer values are calculated in accordance with scheme rules and relevant legislation and are paid on a timely basis.

Control activity and description BDO test procedures

2.4 Process Benefit calculations are either generated automatically by the system (as programmed), or manually by reference to the rules.

The workflow system ensures that each case is done and independently checked.

Control The process is checked by another administrator using the electronic checklist on Alfresco to identify any errors / omissions. Remedial action is then taken where necessary.

The checklist ensures all necessary steps in the process have been followed and completed before the case can be authorised by an appropriate individual.

For those processes where the workflow system is in place, the system ensures that each process is completed by an administrator and independently checked by an authorised person. The process can only be authorised once all of the required steps have been completed.

Calculation details are only issued once the workflow has been fully authorised. The authorised person will also use the checklist to ensure that all stages have been completed and are accurate.

For the sample of schemes selected, verified through the inspection of documentation that calculations were signed off by a preparer and a reviewer and checklists were completed signifying that all actions had been completed. Further, verified that the approved calculation was accurately communicated to members.

No exceptions noted.

2.5 Process As part of the payroll process an exceptions report is printed for review by the supervisor. The report highlights any starters, leavers or adjustments to gross pay being processed that month.

Control Differences from one month to the next are reconciled by a payroll administrator, checked and signed off by an authorised person. Any discrepancies are resolved before payment is made. The payroll is approved by two authorised signatories for transmission by the BACS bureau.

A monthly timetable is used to monitor the processing of each scheme’s payroll. The timetable is monitored and maintained by the payroll supervisor to ensure the deadlines are met.

For the sample of schemes selected, verified through the inspection of documentation and systems that, as part of the payroll process, an exception report was produced and reviewed, and that differences were reconciled to the previous month, resolved and approved by an authorised signatory.

For the sample of schemes selected, verified through the inspection of documentation that payroll was signed off by at least two individuals.

For the sample of schemes selected, verified through the inspection of documentation that a monthly timetable was maintained by a payroll supervisor to monitor the processing of each scheme’s payroll.

No exceptions noted.

3. Maintaining financial and other records

Member records consist of up to date and accurate information and are updated and reconciled regularly.

Control activity and description BDO test procedures

3.1 Process Scheme data is amended on an ad-hoc basis. Modifications to membership data are processed in accordance with mail, telephone, fax or email requests from members or scheme-authorised personnel.

All requests received are logged onto the workflow system to ensure all cases are actioned.

Control For those processes where the workflow system is in place, the system ensures that each process is completed by an administrator and independently checked by an authorised person.

The process can only be authorised once all of the required steps have been completed. The authorised person reviews the electronic checklist on Alfresco to ensure that all necessary steps have been completed.

For the sample of amendments selected, verified through the inspection of the system that a workflow existed in Alfresco for scheme data amendments and each of the sample amendments had a ‘maker’ and a ‘checker’.

No exceptions noted.

3.2 Process Scheme data is kept up to date through periodic (usually annual) data loads from the employer’s payroll and HR data records.

Control Renewal checks are conducted to highlight possible errors such as significant changes in salary. These are investigated and resolved by administrators prior to data being loaded. Once queries have been resolved, the data is uploaded to the relevant administration database.

A year end checklist is prepared by an administrator and signed off by the supervisor to confirm the completeness and accuracy of the data loaded.

For the sample of schemes selected, verified through the inspection of systems and documentation, that scheme data was kept up to date through periodic data loads from the employer’s payroll and HR data records.

For the sample of schemes selected, verified through the inspection of systems and documentation that a year-end checklist was used to manage the annual data check process and had been completed and authorised appropriately.

No exceptions noted.

Contributions and benefit payments are completely and accurately recorded in the proper period.

Control activity and description BDO test procedures

3.3a Process Contributions, receipts and payments are accounted for in the nominal ledger by posting from the bank statement or source documentation.

Control All cash movements are recorded promptly and reconciled to the bank each month by the cashier. This is reviewed and signed off by the supervisor. Any necessary amendments are made and authorised. Uncashed cheques are monitored on a monthly basis by the cashier and reviewed by the supervisor.

For the sample of schemes selected, verified through the inspection of systems and documentation that contributions, receipts and payments were accounted for in the nominal ledger by posting from the bank statement or source documentation.

For the sample of schemes selected, cash movements were reconciled to the bank statements and subsequently signed off by the supervisor. These reconciliations were also used to monitor uncashed cheques.

No exceptions noted.

3.3b Process Accounting and administration records are reconciled to one another annually by the accountant. This is reviewed and signed off by the checker.

Control Any discrepancies identified under the reconciliation are corrected as necessary.

For the sample of schemes selected, verified through the inspection of systems and documentation that an annual reconciliation was performed between the accounting and administration records by the accountant for all schemes and that this was signed off by the supervisor. Where discrepancies were identified, they were corrected as necessary.

No exceptions noted.

Investment transactions, balances and related income are accurately recorded in the proper period.

Control activity and description BDO test procedures

3.4 Process All movements between the scheme and the Investment Managers are recorded by the cashiering team.

Control These transactions are reconciled at least annually by the accounts team and signed off by an appropriate checker.

For the sample of schemes selected, obtained a copy of the reconciliations performed and the year-end checklist and verified that accounts are reconciled at least annually by members of the accounts team and signed off by the appropriate checker.

Verified that reviews were performed by appropriate individuals.

No exceptions noted.

Scheme documents (deeds, policies, contracts, booklets etc) are complete, up to date and securely held.

Control activity and description BDO test procedures

3.5 Process Original deeds, policies and contracts are held by the clients, but copies are maintained for all the documents supplied by the client. These are held securely either electronically on PSAL’s network or in paper files on site.

Control Copies are held of any new scheme documents issued by the client. These are checked annually with the client’s consultant or the client.

For the sample of schemes selected, inspected supporting documentation and verified that client files were held within network drives with restricted access.

No exceptions noted.

4. Safeguarding assets

Member and scheme data is appropriately stored to ensure security and protection from unauthorised use.

Control activity and description BDO test procedures

4.1 Process Physical access to buildings is restricted, ensuring only authorised personnel or authorised visitors gain access to work stations.

All computer records and data held for members are password protected and have restricted access controls for authorised staff only. Member and scheme data is retained in a combination of electronic media and paper files.

Control All entries and exits have security locks and all staff are issued access cards or key fobs.

PSAL have archived paper filing off-site to a specialist organisation thereby ensuring only current cases are required and retained within the work area. Punter Southall Group also utilise scanning of inbound and outbound mail using an electronic document management system.

Where client agreement is in place member files are scanned once the relevant process is completed and paper files are securely destroyed.

For the sample of schemes selected, verified through observation and inspection of documents that access cards to PSAL buildings were provided as part of the induction process for a new employee.

Verified that they were only granted upon notification from HR or relevant business heads and, for out of hours access, by management.

For the sample of schemes selected, verified through the inspection of documentation that a notification was sent from HR to Building Services to notify them of leavers whose access to the building needed to be removed during that week.

Verified through the inspection of documentation that a quarterly review was carried out by Building services.

For the sample of schemes selected, verified through the inspection of systems that there is electronic access security in place. Confirmed that user groups are used to appropriately restrict access to scheme data and that all computer records and data held for members are password protected and have restricted access. Only authorised staff had access to electronic files.

Verified through the inspection of documentation that a contract between Punter Southall and third party archiving specialists is in place, so that only current cases are required and kept within the work area, and that these services had been used during the period.

No exceptions noted.

5. Monitoring compliance

Contributions received in accordance with scheme rules and relevant legislation.

Control activity and description BDO test procedures

5.1 Process The cashiering team record receipt of all contributions received.

Control Checks are run in accordance with the requirements under the Pensions Act 1995 and trustee practice for each scheme, e.g. for most schemes the cashier checks that payments have been received by the 12th of the month, with a final check for the remaining schemes on the 20th of the month.

Administrators are advised which contributions are outstanding and follow up action is taken if necessary by the administrator. The administrator will pursue the employer for payment.

For the sample of schemes selected, verified through the inspection of documentation that there were reviews of the contributions received list to verify that payments were made around the 12th of each month.

Verified through inspection of documentation that there is a second and final review undertaken of the contributions received list to confirm that payments were made and this includes the follow up of missing or late payments.

No exceptions noted.

Cash is safeguarded and payments are suitably authorised and controlled.

Control activity and description BDO test procedures

4.2 Process Cash movements are recorded on a daily basis. Cheques received are logged upon receipt and banked promptly by a member of the cashiering team unless subject to any query. Payment request forms for cheques and BACS transfers are supplied by the administrators to the cashiering team. Scheme expenses are submitted to the cashiering department with a payment request form.

Control Forms are checked and authorised by a supervisor. Payment instructions are signed or authorised electronically by two authorised signatories in accordance with the bank mandate. The cashier checks against client specific limits and authorised signatories shown on customised forms.

Where CashFac is in place, only authorised signatories have the ability to sign electronically. The cashier arranges the signature of cheques and electronic transfers in accordance with the bank mandate for each scheme. Payment of expenses is approved only if the payment form is authorised by a scheme officer or trustee, or is within specific agreed signing requirements for the relevant scheme.

For the sample of schemes selected, verified through inspection of systems and documentation that cash receipts were logged upon receipt in the scheme cash book and banked promptly and that the details matched the bank statements.

For the sample of scheme payments selected, verified that forms were filled in by a member of the administration team, authorised by a supervisor and payment instructions were signed by authorised signatories after being reviewed against client-specific limits and shown on customised forms.

Verified that CashFac was used for the sample selected and that only authorised signatories could sign electronically. Where CashFac was not used, obtained written confirmation that these were manually completed. Payment of expenses was only approved if the payment form was authorised by a scheme officer or trustee unless it was within the specific agreed signing requirements for the relevant scheme.

No exceptions noted.

Services provided to pension schemes are in line with service level agreements.

Control activity and description BDO test procedures

5.2 Process Day to day work is logged on to the workflow management system and logged off when completed.

Control Deadlines are monitored by the administrators to ensure they are met. Regular reports are produced at both a team and management level in order to ensure that standards are being maintained.

Verified through enquiry and observation that day to day work was logged on to the workflow management system and logged off when completed.

For the sample of schemes selected, verified through the inspection of documentation that deadlines were monitored by the administrators to confirm they were met and that regular reports were produced at both a team and management level in order that the standards and requirements outlined for each scheme were being maintained. Confirmed reports were prepared and reviewed by separate individuals.

For one of the eleven schemes sampled, we note that, as per the reports produced, some of the key performance indicators (‘KPIs’) were not being met as per the agreed Service Level Agreement (‘SLA’) between the client and PS Admin Ltd. We note however, that the client was aware of the reason for the service levels being below the agreed threshold and we were able to obtain evidence that Management were taking measures to bring services within the agreed SLAs. As such, we do not view this as a systemic issue and hence no exception has been raised.

No exceptions noted.

Transaction errors are rectified promptly and clients treated fairly.

Control activity and description BDO test procedures

5.3 Process The administrator checks transactions to ensure that they are in accordance with relevant instructions. The administrator will ask the manager to rectify any transaction issues in a timely manner. If an error is discovered during the course of an audit this must be raised with the manager.

Control For DC schemes the PenScope reconciliation report will highlight any issues. Once any issues have been resolved, the reconciliation report is re-run by the administrator and checked to ensure it agrees. The Admin client Principal will ascertain whether there has been any material loss to the client and authorise payment if required.

All errors or complaints are recorded by the team leader on the errors and complaints database.

For the sample of schemes selected, verified through the inspection of documentation that the administrator reviewed transactions to verify that they were in accordance with relevant instructions. Any error discovered during the course of an audit was raised with the manager.

For the sample of schemes selected, verified through the inspection of documentation that for DC schemes, the PenScope reconciliation report highlighted any issues and that once any issues had been resolved, the reconciliation report was re-run by the administrator and was reviewed to verify it agrees. Verified no differences in the reconciliations.

Verified through the inspection of documentation and observation that all errors or complaints were recorded by the team leader on the errors and complaints database.

No exceptions noted.

6. Reporting to clients

Periodic reports to participants and scheme sponsors are accurate and complete and provided within required timescales.

Control activity and description BDO test procedures

6.1 Process Administration reports, which may include membership movement analysis and reconciliations, are produced on the basis and frequency as agreed with the scheme trustees.

Where requested by the trustees, quarterly administration reports are produced and distributed to scheme trustees.

Control The reports are checked for completeness and accuracy and peer reviewed prior to being issued. Scheme annual events are monitored on a regular basis by the administrator.

For the sample of schemes selected, verified through the inspection of documentation that the reports were checked for completeness and accuracy and peer reviewed prior to being issued. Scheme annual events were monitored on a regular basis by the administrator.

No exceptions noted.

6.2 Process Benefit statements are produced annually from data held on the administration system and are despatched within timescales agreed with trustees.

Control Checks are conducted in accordance with the benefit statement procedure and signed off in line with the benefit statement process.

For the sample of schemes selected, obtained and reviewed supporting documentation and verified that checklists were completed in accordance with the benefit statement procedure policy.

From the sample of schemes selected to test that the Benefit statements are sent out in a timely manner, we note that the report for one of the schemes had been delayed by three weeks. We note however, that the client had been informed in advance, that there could be a potential delay. As such, this is not considered to be a systemic issue and hence no exception has been noted.

No exceptions noted.

Annual reports and accounts are prepared in accordance with applicable law and regulations.

Control activity and description BDO test procedures

6.3 Process Annual report and accounts are prepared in compliance with the latest Statement of Recommended Practice (SORP) for pension schemes, based on a standard reporting format.

Control The accountant updates the standard reporting format to take into account any changes in legislation. Annual accounts are prepared and then checked by a checker prior to audit. Audited accounts once approved are signed off by the trustees.

For the sample of clients selected, verified through the inspection of documentation that the accountant updates the standard reporting format to take into account any changes in legislation. Annual accounts are prepared and then checked by a checker prior to audit. Audited accounts, once approved, are signed off by the trustees.

No exceptions noted.

6.4 Process Deadlines for the finalisation and approval of audited accounts are monitored by administrative and accounting staff on a regular basis.

Control The accounts manager monitors a control sheet detailing progress and accounts deadlines regularly and takes any necessary action. The report is circulated to the management group monthly for information.

Where requirements are in place, a timetable is agreed with the auditors detailing the key stages of the audit.

For the sample of schemes selected, verified through the inspection of documentation that a control sheet detailing progress and accounts deadlines was monitored regularly by the accounts manager and any necessary action was taken. The report was circulated to the management group monthly for information.

Where requirements are in place, a timetable was agreed with the auditors detailing the key stages of the audit.

No exceptions noted.

Regulatory reports are made if necessary.

Control activity and description BDO test procedures

6.5 Process Documented internal procedures are followed by administrators who log all breaches in the breaches log and notify relevant management.

Control Reports of breaches are made as necessary under a traffic light reporting system. The managers will assess and refer where necessary to another manager. All ‘amber’ or ‘red’ reports made to the Regulator are copied to the admin risk committee which monitors reports across the company.

Verified through the inspection of documentation that reports were made as necessary under a traffic light reporting system, that managers assessed them and referred them where necessary to another manager, and that all ‘amber’ or ‘red’ reports made to the Regulator were copied to the admin risk committee, which monitors reports across the company.

No exceptions noted.


7.1 Restricting access to systems and data

Physical access to computer networks, equipment, storage media and program documentation is restricted to authorised individuals.

Control activity and description BDO test procedures

7.1a (i)

Process The Punter Southall Group operates its systems out of high availability data centres in geographically diverse locations. Access is approved for a limited number of IT Operations staff only and a number of physical and logical controls are in place to prevent unauthorised access.

Control

- Access to the server room is authorised by the ITS Operations manager.

- The ITS Operations manager conducts a review of users who have access to the server room on a quarterly basis.

- Access to the server room is revoked in a timely manner in accordance with the leavers’ process.

- Visitors’ access to the server room is manually logged.

Obtained and inspected supporting documentation and verified that the Punter Southall Group operated its systems out of high availability data centres in geographically diverse locations.

Obtained and inspected supporting documentation and verified that access was approved to a limited number of IT Operations staff only, by the ITS Operations Manager. No personnel were granted access during the period and there were adequate physical controls in place to prevent unauthorised access.

Obtained and inspected supporting documentation and verified that no new personnel required access to the server room during the period.

For the sample of quarters selected, obtained and inspected supporting documentation and verified that the Chief Technology Officer conducted a review of users who had access to the server room and that no issues were noted.

Obtained and inspected supporting documentation and verified that access to the server room was revoked in a timely manner in accordance with the leavers’ process.

Obtained and inspected supporting documentation and verified that visitors’ access to the server room was manually logged.

No exceptions noted.

7.1a (ii)

Process Access cards / key fobs to Punter Southall Group buildings are provided as part of the induction process of a new employee. Upon an employee leaving the organisation, notifications are sent from HR to Building Services to notify them that access needs to be removed.

Control

- Access cards to buildings are only granted upon notification from HR or the relevant business heads.

- Access for out of hours working must be authorised by management.

- Access is disabled within a timely manner of the employee leaving the company.

- Quarterly reviews are carried out by Building Services to ensure access is appropriate.

Obtained and inspected supporting documentation and verified that access cards / key fobs to Punter Southall Group buildings were provided as part of the induction process of a new employee and that, upon an employee leaving the organisation, notifications were sent from HR to Building Services to notify them that access needed to be removed.

For the sample of new starters selected, obtained and inspected supporting documentation and verified that access cards to buildings were only granted upon notification from HR or the relevant business heads and that access for out of hours working was not required.

For the sample of leavers selected, obtained and inspected supporting documentation and verified that access was disabled within a timely manner of the employee leaving the company.


For the sample of quarters selected, obtained and inspected supporting documentation and verified that quarterly reviews were carried out by Building Services to ensure access was appropriate.

No exceptions noted.

7.1a (iii)

Process System documentation is either stored electronically under password control or, if temporarily in paper form, remains under the control of the individual until they destroy the paper copy.

Control The IT Security Analyst checks annually that key programme documentation is being kept up to date and stored following ITIL and PRINCE2 guidelines as appropriate to PSAL systems and that only domain users with appropriate permissions can access them.

Obtained and inspected supporting documentation and system settings and verified that system documentation was either stored electronically under password control lists or, if temporarily in paper form, it remained under the control of the individual until they destroyed the paper copy.

Obtained and inspected supporting documentation and verified that an IT Security Analyst checked annually that key documentation was being kept up to date and stored following ITIL and PRINCE2 guidelines as appropriate to PSAL systems and that only domain users with appropriate permissions could access them.

No exceptions noted.

7.1a (iv)

Process Critical IT infrastructure is located in an offsite data centre. Access is approved to a limited number of IT Infrastructure staff only by the IT Operations Manager.

Control Branch office server and network equipment are located in secure server rooms where office space allows. Access to the server room is restricted to authorised personnel only.

PSG data centres are provided by Equinix Powergate and iLand Ltd. These are operated under ISAE 3402 guidelines. Service auditor reports are received from Equinix and iLand Ltd.

Obtained and inspected supporting documentation and verified that critical IT infrastructure was located in an offsite data centre and that no new staff were set-up with access during the period.

Obtained and inspected supporting documentation and verified that access was approved to a limited number of IT Operations staff only, that no personnel were granted access during the period and that there were adequate physical controls in place to prevent unauthorised access.

Verified through the inspection of documentation that PSG data centres were provided by Equinix Powergate and iLand Ltd and were operated under ISAE 3402 guidelines. Verified that service auditor reports were received from Equinix and iLand Ltd.

No exceptions noted.

7.1a (v)

Process Secure data storage, providing an independent copy of all data held in the offsite data centres, is located in a secure computer equipment room in the 11 Strand London HQ office and restricted to authorised individuals only.

Control Access is restricted to authorised individuals using key codes / fobs for the small numbers of staff involved.

Logs are kept of all visitors to the local office.

Obtained and inspected supporting documentation and system settings and verified that an independent copy of data storage was maintained in a secure computer room based at 11 Strand, London.

Obtained and inspected supporting documentation and verified that access was approved to a limited number of IT Operations staff only, that no personnel were granted access during the period and that there were a number of physical and logical controls in place to prevent unauthorised access.

Obtained and inspected supporting documentation and physically verified that visitors had restricted access and that logs were kept of all visitors to the local offices.

No exceptions noted.


Logical access to computer systems, programs, master data, transaction data and parameters, including access by administrators to applications, databases, systems and networks, is restricted to authorised individuals via information security tools and techniques.

Control activity and description BDO test procedures

7.1b (i)

Process Laptops are encrypted and configured to have password protections on boot before issuing.

All laptops and desktops are configured to enforce encryption on any portable media device inserted.

Control Management performs a formal review of all users with local admin access to laptops on a quarterly basis. Exceptions are reported and followed up with appropriate action until resolved.

For the sample of laptops selected, obtained and inspected supporting documentation and system settings and verified that they were encrypted and configured to have password protections on boot before issuing.

For the sample of laptops selected, obtained and inspected supporting documentation and systems settings and verified that they were configured to enforce encryption on any portable media device inserted.

Obtained and inspected supporting documentation and systems settings and verified that all desktops were configured to enforce encryption on any portable media device inserted.

For the sample of quarters selected, obtained and inspected supporting documentation and verified that management performed a formal review of all users with local admin access to laptops and that no exceptions were noted.

No exceptions noted.

7.1b (ii)

Process All access to computer equipment and systems is protected by alphanumeric passwords. Passwords are changed on a regular basis and only issued to authorised personnel.

Control The domain security policy requires and enforces that passwords must be ‘complex’, a minimum of 8 characters and must be changed in accordance with policy and cannot be reused (last 24 are recorded).

Verified through the inspection of documentation that the network enforces the following password parameters:

• Minimum Password length: 8 Characters

• Password Complexity: Enabled

• Password history: 24 remembered

• Passwords must be changed after: 90 Days

Verified through the inspection of documentation that the applications in scope adhere to the network enforced password parameters through Single Sign On (SSO) or have equivalent parameters in place:

• Penscope

• Northgate PS Enterprise

• Profund Aviary

• Bottomline

• CashFac

No exceptions noted.
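The four parameters listed above are the domain-wide defaults. A reviewer can confirm them directly rather than from screenshots, and should also look for fine-grained password policies, which override the default for the users and groups they apply to. The following is an added example written for this edition, not code from the report, XPS or BDO; the expected values are the ones stated in control 7.1b (ii), and the script assumes a domain-joined host with the ActiveDirectory RSAT module.

```powershell
# Added example (not from the report): compare the effective default domain password
# policy, and any fine-grained policies, with the parameters control 7.1b (ii) states.
Import-Module ActiveDirectory

# Expected values taken from control 7.1b (ii)
$Expected = @{
    MinPasswordLength    = 8
    ComplexityEnabled    = $true
    PasswordHistoryCount = 24
    MaxPasswordAgeDays   = 90
}

function Test-DomainPasswordPolicy {
    param([Parameter(Mandatory)][hashtable]$Expected)

    $policy   = Get-ADDefaultDomainPasswordPolicy
    $findings = @()

    if ($policy.MinPasswordLength -lt $Expected.MinPasswordLength) {
        $findings += "MinPasswordLength is $($policy.MinPasswordLength), expected >= $($Expected.MinPasswordLength)"
    }
    if ($policy.ComplexityEnabled -ne $Expected.ComplexityEnabled) {
        $findings += "ComplexityEnabled is $($policy.ComplexityEnabled), expected $($Expected.ComplexityEnabled)"
    }
    if ($policy.PasswordHistoryCount -lt $Expected.PasswordHistoryCount) {
        $findings += "PasswordHistoryCount is $($policy.PasswordHistoryCount), expected >= $($Expected.PasswordHistoryCount)"
    }
    # MaxPasswordAge is a TimeSpan; a zero value means passwords never expire
    $ageDays = $policy.MaxPasswordAge.TotalDays
    if ($ageDays -eq 0 -or $ageDays -gt $Expected.MaxPasswordAgeDays) {
        $findings += "MaxPasswordAge is $ageDays days, expected 1..$($Expected.MaxPasswordAgeDays)"
    }
    if ($policy.ReversibleEncryptionEnabled) {
        $findings += 'ReversibleEncryptionEnabled is on (passwords stored recoverably)'
    }

    # Fine-grained password policies (PSOs) take precedence over the default for the
    # principals they apply to, so the default alone does not prove the control for everyone.
    foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
        if ($pso.MinPasswordLength -lt $Expected.MinPasswordLength -or -not $pso.ComplexityEnabled) {
            $findings += "PSO '$($pso.Name)' weakens the policy for: $($pso.AppliesTo -join ', ')"
        }
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-DomainPasswordPolicy -Expected $Expected | Format-List
```

The check covers the network policy only. Applications that the report says have "equivalent parameters in place" rather than SSO hold their own password settings, and each of those needs to be inspected separately.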


7.1b (iii)

Process Any systems which do not have local password controls are protected by additional means, for example, group based permissions on application servers or digital certificate authentication, thereby preventing access without first logging on to the password controlled network.

Control

- Access to network data is strictly controlled through NTFS permissions and Windows security group PSAL.

- Files can only be created on the NTFS file system.

- The system is configured so that appropriate administration team group based permissions are always inherited when new files are created.

Obtained and inspected supporting documentation and system settings and verified that any systems which did not have local password controls were protected by additional means, these included, group based permissions on application servers or digital certificate authentication, thereby preventing access without first logging on to the password controlled network.

Verified through the inspection of documentation that access to network data is strictly controlled through NTFS permissions and Windows security group PSAL.

Verified through the inspection of documentation that the folder structure holding scheme data is on NTFS, allowing folder security to be set at group level.

For a selected sample of Scheme folders, verified through the inspection of documentation that the system is configured so that appropriate administration team group based permissions are inherited when new files are created.

No exceptions noted.
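The control above rests on two NTFS properties: inheritance stays enabled down the scheme folder tree, and permissions are granted to administration team groups rather than to individual users. Both can drift when someone breaks inheritance on a sub-folder or adds an explicit entry for a colleague. The script below is an added example for this edition, not code from the report or from PSAL; the share path and the allowed principal names are assumptions that would be replaced with the real group names.

```powershell
# Added example (not from the report): audit scheme folders for the NTFS conditions in
# control 7.1b (iii). Root path and allowed principal names are assumptions.
function Test-SchemeFolderAcl {
    param(
        [Parameter(Mandatory)][string]$Root,
        [string[]]$AllowedPrincipals = @(
            'CONTOSO\PSAL-Admin-Team',      # assumed administration team group
            'CONTOSO\Domain Admins',
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators'
        )
    )

    Get-ChildItem -Path $Root -Recurse -Force | ForEach-Object {
        $acl    = Get-Acl -LiteralPath $_.FullName
        $issues = @()

        # A folder with protected (non-inherited) ACLs no longer receives the group
        # permissions set at scheme level, so new files created under it will not either.
        if ($acl.AreAccessRulesProtected) { $issues += 'InheritanceDisabled' }

        # Explicit entries below the scheme root should be rare; anything granted to a
        # principal outside the allowed groups is a direct-to-user permission to review.
        foreach ($ace in ($acl.Access | Where-Object { -not $_.IsInherited })) {
            if ($ace.IdentityReference.Value -notin $AllowedPrincipals) {
                $issues += "ExplicitACE:$($ace.IdentityReference.Value):$($ace.FileSystemRights)"
            }
        }

        if ($issues.Count -gt 0) {
            [pscustomobject]@{ Path = $_.FullName; Issues = ($issues -join '; ') }
        }
    }
}

Test-SchemeFolderAcl -Root '\\fileserver\SchemeData' | Format-Table -AutoSize
```

Run it from an account that can read every ACL in the tree; folders it cannot read will surface as errors rather than as clean results, and those are worth recording too.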

7.1b (iv)

Process Remote access is available to PSAL users on request. IT grants it by adding the selected users to the RDS group, which allows them remote access. Membership of the remote access group is governed by ITS and granted only on request. Leavers are removed as appropriate.

Control

- Remote access granted to users is controlled by the RDS access security group PSAL in Active Directory (AD).

- Logs of which users have been added to the AD group PSAL are reviewed by the Group IT Operations Manager.

For a selected sample of new starters with remote access for the period under review, verified through the inspection of documentation that access is only given to those who have requested it.

For a sample of leavers selected, obtained and inspected supporting documentation and verified that access was disabled within a timely manner of the employee leaving the company.

Verified through the inspection of documentation that there were no leavers for the period under review with remote access enabled.

No exceptions noted.

7.1b (v)

Process Quarterly Access reviews are carried out by the Client Leads.

Control

- Quarterly reviews of access to the following key administration applications are completed by the client lead.

- Any access changes required to the following systems are made directly by client lead (where possible) or via a service desk request:

• PS Admin Database (IPS Only)

• Northgate PS Enterprise

• Profund Aviary

• Bottomline

• CashFac

• Penscope

For a selected sample of access reviews, verified through the inspection of documentation that a quarterly user access review was carried out for the following key applications in scope and remediation action was carried out as appropriate:

• PS Admin Database (IPS Only)

• Northgate PS Enterprise

• Profund Aviary

• Bottomline

• CashFac

• Penscope

No exceptions noted.


7.1b (vi)

Process Unusual behaviour is monitored by the IT Operations team, with notifications sent by a third-party service provider. These are logged on the provider’s portal for the IT Operations team to investigate and resolve.

Control Additional security is provided by the DELL Intrusion Protection System, which monitors activity within the Group’s network and actively prevents behaviours that match the signatures of known attacks or look unusual.

Obtained and inspected supporting documentation and system settings and verified that unusual behaviour was monitored by the IT Operations team, with notifications sent by a third-party service provider.

For the sample of incidents selected, obtained and inspected supporting documentation and verified that these were logged on the provider’s portal and the IT Operations team investigated and resolved them. However, we note that BDO were unable to conduct further testing since a population of incidents could not be provided for the period under review.

Obtained and inspected supporting documentation and system settings and verified that additional security was provided by the DELL Intrusion Protection System, which monitored activity within the Group’s network and actively prevented behaviours that matched the signatures of known attacks or looked unusual.

No exceptions noted.

7.1b (vii)

Process When a laptop is requested by a PSAL employee, upon set-up the laptop is fully encrypted using BitLocker, with password protection enforced and linked to the Active Directory password parameters.

Control

- Laptops are encrypted and configured to have password protections on boot before issuing.

- Portable media ports are disabled on thin clients.

- All laptops and desktops are configured to enforce encryption on any portable media device inserted.

For the sample of laptops selected, obtained and inspected supporting documentation and system settings and verified that they were encrypted and configured to have password protections on boot before issuing.

Verified that portable media ports were disabled on thin clients and that all laptops and desktops were configured to enforce encryption on any portable media device inserted.

No exceptions noted.
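Controls 7.1b (i) and 7.1b (vii) both describe the same endpoint state: the OS volume fully encrypted, protection active, a pre-boot authenticator rather than a silent TPM-only unlock, and a policy that refuses writes to removable drives unless they are BitLocker-protected. The following is an added example for this edition, not code from the report or from PSAL, and it serves both controls. It assumes a Windows client with the BitLocker PowerShell module and local administrator rights; the registry value it reads is the one Group Policy sets for "Deny write access to removable drives not protected by BitLocker".

```powershell
# Added example (not from the report): verify the laptop encryption and removable-media
# conditions described in controls 7.1b (i) and 7.1b (vii) on the local machine.
function Test-EndpointEncryption {
    [CmdletBinding()]
    param()

    $os       = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $findings = @()

    if ($os.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "OS volume status is $($os.VolumeStatus)"
    }
    if ($os.ProtectionStatus -ne 'On') {
        $findings += "BitLocker protection is $($os.ProtectionStatus) (suspended or off)"
    }

    # 'Password protection on boot' means a pre-boot authenticator. A bare 'Tpm' protector
    # unlocks the disk silently and does not satisfy that; TpmPin, TpmPinStartupKey or
    # Password do.
    $types = @($os.KeyProtector.KeyProtectorType)
    if (-not ($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey', 'Password' })) {
        $findings += "No pre-boot authenticator; protectors present: $($types -join ', ')"
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector (recovery not possible if the PIN is lost)'
    }

    # Group Policy: Deny write access to removable drives not protected by BitLocker
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if (-not $fve -or $fve.RDVDenyWriteAccess -ne 1) {
        $findings += 'Removable-drive write denial (RDVDenyWriteAccess) not enforced'
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-EndpointEncryption | Format-List
```

For a sampled population of laptops, the same function can be run through `Invoke-Command` against each host and the objects collected into one report, which is the evidence a reviewer would retain for the sample rather than a screenshot per device.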

Segregation of incompatible duties is defined, implemented and enforced by logical security controls in accordance with job roles

Control activity and description BDO test procedures

7.1c Process All staff have clearly defined roles and responsibilities which are set by the department manager.

Control

- Access to applications is set through role based access.

- Supervisor approval is required before access is granted to any of the key systems.

Verified through inspection of documentation that access to applications was set through role based access and that supervisor approval was required before access was granted to any of the key systems.

Exception noted.

Exception noted: From our sample of 5 leavers selected to test the removal of access, the CashFac access had not been removed for one leaver. Through additional procedures performed, we noted that there had been no activity on the account after the user had left the organisation. Further, we note that the access of the user was removed once management were notified.

PSAL response: Additional steps have been put in place to ensure that access is correctly removed by cashiering as soon as they are notified of a leaver. For the case in question the Active Directory account had been removed in a timely manner and therefore the individual had no access to any other system which would be required in order to commit fraud. In addition there is a four stage authorising process in place which will prevent fraudulent payments being authorised.
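The exception above is the typical shape of a leaver failure: the Active Directory account was disabled on time, but an application that holds its own user list (here CashFac) kept the account. The quarterly reviews in 7.1b (iv) and 7.1b (v) catch this only if they reconcile each application's users against AD rather than reviewing each list in isolation. The script below is an added example for this edition, not code from the report, PSAL or BDO. The application export is a constructed sample with assumed column names, and the remote access group name is taken loosely from 7.1b (iv); both would be replaced with the real export and group.

```powershell
# Added example (not from the report): reconcile application user lists against AD so that a
# leaver whose AD account is disabled but whose application account survives is flagged, and
# list remote access group members whose AD account is already disabled.
Import-Module ActiveDirectory

# Constructed sample export of application user lists (columns are assumptions).
$appUsersCsv = @"
Application,Username
CashFac,jsmith
CashFac,ajones
Penscope,jsmith
Penscope,pkhan
"@
$appUsers = $appUsersCsv | ConvertFrom-Csv

function Get-OrphanedAppAccounts {
    param(
        [Parameter(Mandatory)][object[]]$AppUsers,
        [string]$RemoteAccessGroup = 'RDS access security group PSAL'   # name assumed from 7.1b (iv)
    )

    $results = @()
    foreach ($row in $AppUsers) {
        $name = $row.Username
        # Scriptblock filter with a variable avoids quoting problems with odd usernames
        $ad = Get-ADUser -Filter { SamAccountName -eq $name } -Properties Enabled, LastLogonDate
        $status = if (-not $ad) { 'NoADAccount' }
                  elseif (-not $ad.Enabled) { 'ADDisabled' }
                  else { 'OK' }
        $results += [pscustomobject]@{
            Application = $row.Application
            Username    = $name
            Status      = $status
            LastLogon   = if ($ad) { $ad.LastLogonDate } else { $null }
        }
    }

    # Disabling the AD account blocks logon, but a surviving group membership is still a
    # stale entitlement that the review should remove; @( ) keeps this an array when empty.
    $stale = @(
        Get-ADGroupMember -Identity $RemoteAccessGroup -Recursive |
            Where-Object objectClass -eq 'user' |
            ForEach-Object { Get-ADUser -Identity $_ -Properties Enabled } |
            Where-Object { -not $_.Enabled } |
            ForEach-Object {
                [pscustomobject]@{
                    Application = $RemoteAccessGroup
                    Username    = $_.SamAccountName
                    Status      = 'ADDisabled'
                    LastLogon   = $null
                }
            }
    )

    ($results + $stale) | Where-Object Status -ne 'OK'
}

Get-OrphanedAppAccounts -AppUsers $appUsers | Format-Table -AutoSize
```

Each row returned is either an application account with no live AD identity behind it (the CashFac case) or a group entitlement left on a disabled account. The reconciliation depends on application usernames matching AD `SamAccountName`; where an application uses its own naming scheme, a mapping table has to be supplied before the comparison means anything.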


7.2 Providing integrity and resilience to the information processing environment, commensurate with the value of the information held, information processing performed and external threats.

IT processing is authorised and scheduled appropriately and exceptions are identified and resolved in a timely manner.

Control activity and description BDO test procedures

7.2a Process There is monitoring of scheduled data downloads from the Altus Investment Gateway web service via the Windows Service (PenScope) on the PenScope application server.

Control

- Data transmission between Altus and Penscope is monitored for successful completion.

- Alerts for any failures in the data transmission, are sent to Business Services Group, IT or Service Desk ticketing system and are resolved in a timely manner.

Verified through the inspection of documentation that data transmission between Altus and Penscope was monitored for successful completion.

Verified through the inspection of documentation that alerts for any failures in data transmission were sent to the Business Services Group, IT and the Service Desk ticketing system, and were then resolved in a timely manner.

However, we note that this control was only effective from 19 October 2017.

Exception noted.

Exception noted: BDO noted that Alerts for failures in data transmission between Altus and Penscope were not operational prior to 19 October 2017.

However, verified through inspection of documentation that this was remediated during the period.

Through discussions held, we note that errors in data transmission would be identified through a number of reconciliations performed as highlighted in control 2.1.

PSAL response: The issue has been corrected and the failure reports are directed correctly. Due to other checks and controls in place this issue had no impact on the reconciliations and transactions in the period.

Data transmissions between the service organisation and its counterparties are complete, accurate, timely and secure.

Control activity and description BDO test procedures

7.2b (i)

Process Only authorised personnel can handle financially sensitive data with permissions set on a scheme by scheme basis.

Control

- Access to authorise Payroll transmissions is restricted to individuals within the payroll team and is approved at an appropriate level.

- All transmissions are checked and authorised.

- Payroll data which is sent externally for international payments is sent via a secure website.

Verified through the inspection of documentation that access to authorise payroll transmissions is restricted to Payroll Administrators and Team Leader members of PSAL.

Verified through the inspection of documentation that all transmissions are checked and authorised by a second ‘Submitter’ who is different to an ‘Inputter’.

Verified through the inspection of documentation that payroll data was sent via a secure website.

No exceptions noted.

7.2b (ii)

Process BACS Bureau facilities are used to process and transmit payments, where appropriate.

Control A triennial review of our BACS Bureau Service is carried out by BACS to ensure that our service complies with the recommended standards.

Verified through the inspection of documentation that a triennial review of PSAL’s BACS Bureau Service was carried out by BACS to verify that PSAL’s service complied with the recommended standards.

No exceptions noted.


Control activity and description BDO test procedures

7.2b (iii)

Process Data transmission of financial data such as payroll uses secure encryption algorithms.

Control BACS transmissions are encrypted. BACS transmissions may only be submitted once there has been dual approval with an independent member of payroll verifying the information that has been previously entered.

Verified through the inspection of documentation that access to authorise payroll is restricted to Payroll Administrators and Team Leader members of PSAL.

Verified through the inspection of documentation that all transmissions are checked and authorised by a second ‘Submitter’ who is different to an ‘Inputter’.

Verified through the inspection of documentation that BACS transmissions were encrypted and adhered to BACS standards.

No exceptions noted.

7.2b (iv)

Process Core systems have documented operating procedures.

Control Documentation relating to PS Admin specific applications is reviewed annually to ensure it remains up to date.

Application documentation is reviewed following each release of our internally developed applications.

Verified through the inspection of documentation that core systems had documented operating procedures.

Verified through the inspection of documentation that documentation relating to PS Admin specific applications was reviewed annually to ensure it remained up to date.

Verified through the inspection of documentation that application documentation was reviewed following each release of PSAL’s internally developed applications.

No exceptions noted.

7.2b (v)

Process Core systems have documented operating procedures.

Control Key processing is logged on all our critical applications (PS Admin Database (IPS Only), Alfresco, Northgate PS Enterprise, Profund Aviary, CashFac, Bottomline and Penscope) via a built-in audit trail and is available for review in the event of any incidents.

Verified through the inspection of documentation that key processing was logged on all PSAL’s critical applications (Northgate PS Enterprise, Profund Aviary, CashFac, Bottomline and Penscope) via a built-in audit trail and was available for review in the event of any incidents.

Verified through enquiry that there is no built-in audit logging for the Alfresco system, although selective logging does occur.

No exceptions noted.

7.2b (vi)

Process Transmissions of bulk data to and from clients are made via a secure website facility.

Control

- Only authorised users are able to upload and transfer data.

- Users are provided with unique login credentials to access data.

- User access within the transfer site is restricted to authorised folders.

Verified through the inspection of documentation that only authorised users were able to upload and transfer data and that users were provided with unique login credentials to access data.

Further verified through inspection of documentation that user access within the transfer site was restricted to authorised folders.

No exceptions noted.


Appropriate measures are implemented to counter the threat from malicious electronic attack (e.g. firewalls, anti-virus etc.)

Control activity and description BDO test procedures

7.2c (i)

Process All external access to the network is strictly controlled.

Control An industry standard firewall has been configured to restrict traffic flow between public and secure networks as defined within the Group Network Security policy.

Obtained and inspected supporting documentation and system settings and verified that an industry standard firewall had been configured to restrict traffic flow between any public and secure networks as defined within the Group Network Security policy.

No exceptions noted.

7.2c (ii)

Process Perimeter Firewalls and Endpoint software are in place, with Anti-Virus updates disseminated to all computers operating on the Punter Southall Group networks.

Control An industry standard antivirus is in place on all computers operating on the Punter Southall Network.

Obtained and inspected supporting documentation and system settings and verified that antivirus definitions were updated from the vendor and disseminated to computers on the network within an hour.

Obtained and inspected supporting documentation and system settings and verified that an industry standard antivirus was in place on all computers operating on the Punter Southall Network.

No exceptions noted.

7.2c (iii)

Process Security testing is performed annually by a third party provider to ensure network vulnerabilities are identified and addressed.

Control Penetration tests are conducted annually. Results from the test are submitted to the Information Security Sub Committee (ISSC) to assess risks and implement remedial actions where required.

Obtained and inspected supporting documentation and verified that the Punter Southall Group network underwent penetration tests by a CREST-certified third-party provider to ensure that network vulnerabilities were identified and addressed.

Obtained and inspected supporting documentation and verified that penetration tests were conducted annually and that the results from the tests were submitted to the Information Security Sub Committee (ISSC) to assess risks and implement remedial actions where required.

No exceptions noted.


The physical IT equipment is maintained in a controlled environment.

Control activity and description BDO test procedures

7.2d Process An independent copy of data storage is maintained in a secure computer room based at 11 Strand, London. Access to the computer room is restricted via keypad and the combination only known by members of IT. Access requests must be authorised by the Chief Technology Officer.

Control Environmental controls are maintained in the 11 Strand server room, including the following:

1. Continuous power supply with backup uninterruptible power supply (UPS)

2. Smoke detectors

3. Cooling mechanisms

4. Temperature monitoring alerts.

Verified during an onsite inspection that the 11 Strand location, where PSAL’s servers are located, has the following environmental controls in place:

- Continuous power Supply with backup uninterruptible power supply (UPS)

- Smoke Detectors

- Cooling Mechanisms

- Temperature Monitoring Alerts.

No exceptions noted.

7.3 Maintaining and developing systems hardware and software.

Development and implementation of new systems, applications and software, and changes to existing systems, applications and software, are authorised, tested, approved and implemented.

Control activity and description BDO test procedures

7.3a (i)

Process BSG projects: A formal change management methodology is used to implement new and revised infrastructure changes, application version increments and significant application developments. Documentation for these projects is maintained within a central project documentation library.

Control

BSG Managed Projects:

- Projects managed by BSG follow an established project management methodology based on appropriate ITIL project governance.

- Project documentation is signed off / approved by the business representative and reviewed / audited by the application owner.

For the sample of BSG managed projects selected, verified through the inspection of supporting documentation that the projects followed an established project management methodology and, where applicable, that project documentation was signed off / approved by the business representative and reviewed / audited by the application owner.

No exceptions noted.


7.3a (ii)

Process ITS Projects: A formal change management methodology is used to implement new and revised infrastructure changes, application version increments and significant application developments. Documentation for these projects is maintained within a central project documentation library.

Control ITS Managed Projects:

- Projects managed by ITS follow an established project management methodology based on appropriate ITIL project governance.

- Project documentation is signed off / approved by the business representative and reviewed / audited by the application owner.

- Access to documents stored on the shared site is limited to authorised users and is based on permissions granted.

For the sample of ITS projects selected, verified through the inspection of supporting documentation that the projects followed an established project management methodology and, where applicable, that project documentation was signed off / approved by the business representative and reviewed / audited by the application owner.

Verified through the inspection of documentation that access to documents stored on the shared site is limited to authorised users and is based on permissions granted.

No exceptions noted.

Data migration or modification is authorised, tested and, once performed, reconciled back to the source data.

Control activity and description BDO test procedures

7.3b Process The Business Services Group and application owners are responsible for data migration projects.

A detailed testing procedure is followed for all data migrations. This includes sample data checks and full reconciliation back to the source data. All issues are captured during migration.

Control All changes are authorised by the application owner before the change can be released to live.

All modification or migration of data is tested in a test environment prior to being performed in the live environment.

Sample checks and reconciliations are performed and reviewed by the application owner to ensure that no errors have been created and the data has been migrated completely and accurately.

For the sample of changes selected in the period under review, verified through the inspection of documentation that changes are authorised by the application owners before being released to the live environment.

For the sample of scheme migrations selected in the period under review, verified through the inspection of documentation that migrations are tested in test environments before being executed in live environments.

For the sample of changes and migrations selected in the period under review, verified that sample checks and reconciliations are performed, issues are followed up to resolution and the data has been migrated completely and accurately.

No exceptions noted.


7.4 Recovering from processing interruptions

Data and systems are backed up regularly, retained offsite and regularly tested for recoverability.

Control activity and description BDO test procedures

7.4a (i)

Process Backups are taken on a regular basis to meet RTO and RPO objectives. Daily backups are taken in addition to a weekly back-up at the end of each week.

Control The Punter Southall Group operates a primary and a DRAAS centre design with all critical systems and data replicated across both data centres, ensuring that there are multiple copies of the data available. Other data is backed up to 11 Strand. In the unlikely event that a datacentre were made unavailable to the Group, it can make all systems and data available from the remaining datacentre using the data that has been backed up there through the replication. BCP details critical systems.

Different replication approaches (i.e. frequency of the replication, data storage tiers and hence the speed with which they can be restored) are used for systems with different business criticalities, as some require restoration within an hour, with other non-critical systems not being required for up to a week after a data centre outage.

Obtained and inspected supporting documentation and system settings and verified that backups were taken on a regular basis to meet RTO and RPO objectives.

For the sample of weeks selected, obtained and inspected supporting documentation and verified that an archive back up took place at the end of each week.

Obtained and inspected supporting documentation and verified that the Punter Southall Group operated a primary and a DRAAS centre design. All systems and data are replicated across both data centres, ensuring that there are multiple copies of the data available so that, in the unlikely event that a datacentre was made unavailable to the Group, it can make all systems and data available from the remaining datacentre using the data that has been replicated.

Obtained and inspected supporting documentation and verified that BCP detailed critical systems.

Obtained and inspected supporting documentation and system settings and verified that different replication approaches (i.e. frequency of the replication, data storage tiers and hence the speed with which they can be restored) were used for systems with different business criticalities, as some required restoration within an hour, with other non-critical systems not being required for up to a week after a data centre outage.

No exceptions noted.

7.4a (ii)

Process Backups are taken on a daily basis and a full back up is taken at the end of the week to ensure that data can be restored.

Control All systems and data are backed-up to separate storage based at the 11 Strand office:

- Automated e-mail alerts are sent to IT Ops on successful completion of the backups. All failures are reviewed and remedied.

- A random file restore is also carried out daily to ensure that the files backed up can be restored and used if required.

For the sample of days selected, obtained and inspected supporting documentation and verified that all systems and data were backed up to separate storage based at the 11 Strand office.

For the sample of days selected, obtained and inspected supporting documentation and verified that automated e-mail alerts were sent to IT Ops on successful completion of the backups and that all failures were reviewed and remediated.

For the sample of days selected, obtained and inspected supporting documentation and verified that a random file restore was also carried out to ensure that the files backed up can be restored and used if required.

No exceptions noted.
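The backup controls above (daily and weekly backups against an RPO, completion alerts, and a randomly chosen file restored each day) are in practice a scheduled job. The following is an added example, not code from the report or from XPS / PSG: it builds a constructed file share in a temporary directory, backs it up with a hash manifest, checks the backup age against an assumed 24-hour RPO, and restores one random file to compare it with the manifest, including the failure case where the backup job "succeeded" but captured bad data. The paths, RPO value and manifest format are assumptions.

```python
"""Backup freshness (RPO) and random-file restore checks.
Added example mirroring control 7.4a (ii); not from the report. All data is
constructed in a temporary directory; paths, RPO and manifest format are assumed."""
import hashlib
import os
import random
import tarfile
import tempfile
import time
from pathlib import Path
from typing import Optional, Tuple


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_path(archive: Path) -> Path:
    return Path(str(archive) + ".manifest")


def make_backup(source: Path, dest_dir: Path) -> Path:
    """Archive `source` and record a SHA-256 manifest of exactly what was backed up."""
    archive = dest_dir / "backup.tar.gz"
    files = sorted(p for p in source.rglob("*") if p.is_file())
    with tarfile.open(archive, "w:gz") as tar:
        for p in files:
            tar.add(p, arcname=p.relative_to(source).as_posix())
    lines = [f"{sha256_of(p)}  {p.relative_to(source).as_posix()}" for p in files]
    manifest_path(archive).write_text("\n".join(lines) + "\n")
    return archive


def backup_is_fresh(archive: Path, rpo_seconds: int, now: Optional[float] = None) -> bool:
    """RPO check: the latest backup must be no older than the recovery point objective."""
    now = time.time() if now is None else now
    return now - archive.stat().st_mtime <= rpo_seconds


def restore_check(archive: Path, rng: Optional[random.Random] = None) -> Tuple[str, bool]:
    """Random file restore: extract one member to scratch space and compare its hash
    with the manifest. Returns (member name, True if the restored file is intact)."""
    manifest = {}
    for line in manifest_path(archive).read_text().splitlines():
        digest, name = line.split("  ", 1)
        manifest[name] = digest
    name = (rng or random.Random()).choice(sorted(manifest))
    # Newer Pythons accept filter="data", which refuses path traversal in members.
    extract_kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar, tempfile.TemporaryDirectory() as scratch:
        tar.extract(tar.getmember(name), path=scratch, **extract_kw)
        return name, sha256_of(Path(scratch) / name) == manifest[name]


def demo(seed: int = 7, corrupt: bool = False) -> Tuple[bool, bool]:
    """Build a constructed file share, back it up, run both checks. With corrupt=True the
    archive is rebuilt from emptied files but the original manifest is kept (a job that
    reported success yet captured bad data). Returns (fresh, restored file intact)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp) / "fileshare", Path(tmp) / "backups"
        (src / "schemes").mkdir(parents=True)
        dest.mkdir()
        (src / "schemes" / "scheme-a.csv").write_text("member,benefit\n1001,250.00\n")
        (src / "schemes" / "scheme-b.csv").write_text("member,benefit\n2002,310.50\n")
        (src / "notes.bin").write_bytes(os.urandom(4096))
        archive = make_backup(src, dest)
        if corrupt:
            good_manifest = manifest_path(archive).read_text()
            for p in src.rglob("*"):
                if p.is_file():
                    p.write_bytes(b"")
            archive = make_backup(src, dest)
            manifest_path(archive).write_text(good_manifest)
        fresh = backup_is_fresh(archive, rpo_seconds=24 * 3600)
        _name, intact = restore_check(archive, random.Random(seed))
        return fresh, intact
```

A real job would alert on either check failing, which is the "all failures are reviewed and remedied" step of the control; `demo()` returns `(True, True)` and `demo(corrupt=True)` returns `(True, False)`.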


7.4a (iii)

Process All systems and data are hosted on High Availability virtual servers with mirrored SAN RAID disk systems, which helps ensure no loss of data through media failure. Virtual server backups are replicated across the two geographically separate data centres, and an independent copy is sent to offsite storage.

Windows Shadow Copy is enabled across all storage servers allowing instant restoration of deleted or corrupted files from snapshots taken not less than once a day.

Control The virtual environment is monitored daily to ensure that it is functioning correctly, with new, known and resolved issues reported. Backup logs are emailed daily, with exceptions recorded by the IT Operations team.

For the sample of days selected, obtained and inspected supporting documentation and verified that the virtual environment was monitored to ensure that it was functioning correctly with new, known and resolved issues reported.

For the sample of days selected, obtained and inspected supporting documentation and verified that back up logs were emailed with exceptions recorded and resolved by the IT Operations team.

No exceptions noted.

IT hardware and software issues are monitored and resolved in a timely manner.

Control activity and description BDO test procedures

7.4b (i)

Process All hardware problems are recorded via a dedicated Service Desk procedure.

Control

- A number of tools are used to proactively monitor the Punter Southall Group network and server environments.

- All incidents related to hardware and software faults are classified and managed through a helpdesk system using ITIL guidelines.

- Open tickets in the service desk are reviewed on a weekly basis to ensure that issues are being resolved in a timely manner.

Verified through the inspection of documentation that all hardware and system problems were recorded via a dedicated Service Desk procedure.

Obtained and inspected supporting documentation and verified that all hardware and software problems were recorded via a dedicated Service Desk procedure.

For the sample of incidents selected, obtained and inspected supporting documentation and verified that all incidents related to hardware and software faults were classified and managed through a helpdesk system using ITIL guidelines.

Obtained and inspected supporting documentation and system settings and verified that open tickets were reviewed on a weekly basis by the Service Desk to ensure issues were resolved in a timely manner. It was noted that 6 tickets had been open for longer than 60 days; business reasons were given for these tickets and no issues were noted.

No exceptions noted.


7.4b (ii)

Process All system problems are recorded via a dedicated Service Desk procedure.

Control

- A number of tools are used to proactively monitor the Punter Southall Group network and server environments.

- All incidents related to hardware and software faults are classified and managed through a helpdesk system using ITIL guidelines.

- Open tickets in the service desk are reviewed on a weekly basis to ensure that issues are being resolved in a timely manner.

Obtained and inspected supporting documentation and system settings and verified that a number of tools were used to proactively monitor the Punter Southall Group network and server environments.

For the sample of days selected, obtained and inspected supporting documentation and verified that any issues identified were followed-up and resolved.

Obtained and inspected supporting documentation and verified that all hardware and software problems were recorded via a dedicated Service Desk procedure.

For the sample of incidents selected, obtained and inspected supporting documentation and verified that all incidents related to hardware and software faults were classified and managed through a helpdesk system using ITIL guidelines.

Obtained and inspected supporting documentation and system settings and verified that open tickets were reviewed on a weekly basis by the Service Desk to ensure issues were resolved in a timely manner. It was noted that 6 tickets had been open for longer than 60 days; business reasons were given for these tickets and no issues were noted.

No exceptions noted.

Business and information systems recovery plans are documented, approved, tested and maintained.

Control activity and description BDO test procedures

7.4c (i)

Process Recovery Plans which provide for the recovery of all key business processes are in place.

Control

- Business and Information Systems recovery plans for all applications and systems are documented and support all business processes carried out at each location.

- Recovery Time Objectives and Recovery Point Objectives have been agreed with the business.

- The recovery plans are reviewed and tested annually to ensure they remain appropriate. Test results are reported on to the Admin Risk Committee.

Verified through the inspection of documentation that there is a Business Recovery Plan in place covering all applications and locations in scope, that this document was formally reviewed and signed off for the period under review, and that the Recovery Time Objectives and Recovery Point Objectives have been agreed with the business.

Verified through the inspection of documentation that the Business Recovery plan is tested annually and remediation action taken as issues are identified. Verified that the test results are reported to the Admin Risk Committee.

No exceptions noted.


7.5 Monitoring compliance

Outsourced activities are properly managed and monitored.

Control activity and description BDO test procedures

7.5a (i)

Process Outsourced activities are actively managed and monitored. Service Level Agreements are in place, covered by appropriate contracts and monitored by the Business Services Group.

Control

- Contracts and Service Level Agreements are maintained with third party vendors managing the Pension Administration system (ITM Ltd).

- Formal governance and service review meetings are held.

- Regular reporting against service level agreement by third party vendors is obtained and reviewed.

- Assurance of the internal IT controls at third party vendors is obtained.

Obtained and inspected supporting documentation and verified that outsourced activities were actively managed and monitored and that Service Level Agreements were in place, covered by appropriate contracts and monitored by the central Punter Southall Group IT Infrastructure team depending on activity.

Obtained and inspected supporting documentation and verified that contracts and Service Level Agreements were maintained with third party vendors managing the Pension Administration system (ITM LTD) and that formal governance and service review meetings were held.

Obtained and inspected supporting documentation and verified that regular reporting against service level agreement by third party vendors was obtained and reviewed and that assurance of the internal IT controls at third party vendors was obtained.

No exceptions noted.

7.5a (ii)

Process Outsourced activities are actively managed and monitored. Service Level Agreements are in place, covered by appropriate contracts and monitored by the central PSG IT infrastructure team depending on activity.

Control

- Contracts and Service Level Agreements are maintained with third party vendors managing the Wide Area Network solutions provider (SSE).

- Formal governance and service review meetings are held.

- Regular reporting against service level agreement by third party vendors is obtained and reviewed.

- Assurance of the internal IT controls at third party vendors is obtained.

Obtained and inspected supporting documentation and verified that outsourced activities were actively managed and monitored and that Service Level Agreements were in place, covered by appropriate contracts and monitored by the central Punter Southall Group IT Infrastructure team depending on activity.

Obtained and inspected supporting documentation and verified that contracts and Service Level Agreements were maintained with third party vendors managing the Wide Area Network solutions provider (SSE) and that formal governance and service review meetings were held.

Obtained and inspected supporting documentation and verified that regular reporting against Service Level Agreement by third party vendors was obtained and reviewed and that assurance of the internal IT controls at third party vendors was obtained.

No exceptions noted.

7.5a (iii)

Process Network services provided by third parties are reviewed on an on-going basis to ensure the services provided meet the organisation’s requirements.

Control The services are reviewed by both the IT Operations Manager and IT Director; any issues are escalated to the IT Governance Board.

Verified through enquiry that network services provided by third parties were reviewed on an on-going basis to ensure that the services provided met the organisation’s requirements.

Verified through enquiry that the services were reviewed by both the IT Operations Manager and IT Director.

Verified through enquiry that there were no issues during the period.

No exceptions noted.


7.5a (iii)

Process PSG IT outsource some network monitoring and management tasks to a third party Wide Area Network solutions provider - SSE. PSG also have Service Level Agreements in place with SSE, covered by appropriate contracts and monitored by the IT Operations Team.

Control Real-time monitoring of all network services is carried out 24 / 7 by ITS using SolarWinds Event management, and action is taken if needed directly with SSE under ITIL Incident Management, tracked in Hornbill.

Obtained and inspected supporting documentation and verified that Punter Southall Group IT outsourced some network monitoring and management tasks to a third party Wide Area Network solutions provider – SSE and that PSG also had Service Level Agreements in place with SSE, covered by appropriate contracts and monitored by the IT Operations team.

Obtained and inspected supporting documentation and system settings and verified that real-time monitoring of all network services was carried out 24 / 7 by ITS using SolarWinds Event management, and that action was taken if needed directly with SSE under ITIL Incident Management, tracked in Hornbill.

No exceptions noted.

7.5a (iv)

Process Network services provided by third parties are reviewed on an on-going basis to ensure the services provided meet the organisation’s requirement.

Control Services provided by third party vendors are reviewed by both the IT Operations Manager and IT Director; any issues are escalated to the IT Governance Board.

Obtained and inspected supporting documentation and verified that services provided by third party vendors were reviewed by both the Chief Technology Officer and IT Director and that the one issue raised was escalated to the IT Governance Board.

No exceptions noted.


10. Prospective Customer Disclaimer Letter

Private and Confidential

The Directors
PS Administration Limited
11 Strand
London WC2N 5HR

19 September 2018

Dear Sir / Madam

Release of the 2018 AAF 01/06 Report to prospective customers of PS Administration Limited.

The 2018 AAF 01/06 report which covers the internal controls relating to pension administration services provided by PS Administration Limited (the ‘service organisation’) as at 31 March 2018 has been prepared by the directors of the service organisation principally for the purposes of providing information to organisations who were customers at 31 March 2018. You have asked us to agree to you providing to prospective customers, i.e. organisations that were not customers at 31 March 2018, a copy of the 2017 AAF 01/06 report which included our service auditor’s assurance report (‘our assurance report’) dated as at 31 March 2018.

We confirm that we are agreeable to you so doing on the clear understanding that our assurance report was addressed to you and was prepared on your instructions as set out in our engagement letter dated 23 February 2018. The report was not prepared for the benefit of any prospective customers and therefore items of possible interest to prospective customers may not have been specifically addressed by the 2018 AAF 01/06 report or the work supporting our assurance report. Nor does BDO LLP warrant or represent that the information in the 2018 AAF 01/06 report or work done in connection with our assurance report is appropriate for the interests or purposes of prospective customers. For the foregoing reasons the 2018 AAF 01/06 report cannot in any way serve as a substitute for enquiries and procedures that prospective customers would (or should) undertake and judgements they should make for the purpose of satisfying themselves regarding any matters of interest to them. Furthermore, we (BDO LLP, its partners, employees and agents) accept no duty or responsibility (whether in contract or in tort and including, without limitation, negligence and breach of statutory duty) and deny any liability to prospective customers or to any other third party in relation to our assurance report or otherwise, whether or not the 2018 AAF 01/06 report or our assurance report therein influences the decision or action of any prospective customer or any other party.

Prospective customers are also bound by a duty of confidentiality to BDO LLP, as well as to you. Consequently the 2018 AAF 01/06 report, and information obtained from it, must not be made available or copied in whole or in part to any other person without our prior written permission which we may, at our discretion, grant, withhold or grant subject to conditions (including conditions as to legal responsibility or absence thereof).

Notwithstanding our consent to the release of the 2018 AAF 01/06 report to prospective customers, our assurance report remains addressed to you and it is a matter for you to decide whether the release of the 2018 AAF 01/06 report is appropriate in the circumstances.

To ensure that prospective customers have a clear understanding of the terms under which our assurance report is being provided to them, a copy of this letter should accompany our assurance report.

Yours faithfully

For and on behalf of BDO LLP

55 Baker Street, London W1U 7EU
Telephone: +44 (0)20 7486 5888
Facsimile: +44 (0)20 7487 3686
DX 9025 West End W1
Web site: www.bdo.co.uk

BDO LLP Chartered Accountants


About XPS Pensions Group

XPS Pensions Group is the largest purely pension consulting and administration firm in the UK. We have benefits of scale – we have very deep experience to draw on, and can invest in solutions for the good of our clients – yet we remain agile, able to respond quickly as the world shifts around our clients.

As the only UK pensions specialist listed on the FTSE we have the flexibility to think and act differently. Our unique structure means that we can make transparent, long-term investment decisions in our business for the good of our clients and pension scheme members. We advise over 1200 pension schemes and administer pensions for over 600,000 members and we employ 900 staff across 15 UK locations.


XPS Pensions Group, XPS Pensions, XPS Administration, XPS Investment and XPS Transactions are the trading names of Xafinity Consulting Ltd, Punter Southall Ltd and Punter Southall Investment Consulting Ltd.

XPS Administration is the trading name of PS Administration Ltd.

Registration Xafinity Consulting Ltd, Registered No. 2459442. Registered office: Phoenix House, 1 Station Hill, Reading RG1 1NB. Punter Southall Investment Consulting Ltd Registered No. 6242672, Punter Southall Ltd Registered No. 03842603, PS Administration Ltd Registered No. 9428346. All registered at: 11 Strand, London WC2N 5HR. All companies registered in England and Wales.

Authorisation Punter Southall Investment Consulting Ltd (FCA Register number 528774) and Xafinity Consulting Ltd (FCA Register number 194270) are both authorised and regulated by the Financial Conduct Authority (FCA) for investment business.

This report should not be relied upon for detailed advice. Permission for reproduction of material in this document must be sought in advance of any public domain use.

Belfast T: 02890 32 8282
1st Floor – Flax House, 83 - 91 Adelaide Street, Belfast BT2 8FE

Birmingham T: 0121 230 1900
1 Colmore Row, Birmingham B3 2BJ

Bristol T: 0117 202 0400
33 – 35 Queen Square, Bristol BS1 4LU

Chelmsford T: 01245 673 500
Priory Place, New London Road, Chelmsford CM2 0PP

Edinburgh T: 0131 230 0300
3rd Floor – West Wing, 40 Torphichen Street, Edinburgh EH3 8JB

Guildford T: 01483 330 100
Tempus Court, Onslow Street, Guildford GU1 4SS

Leeds T: 0113 244 0200
10 South Parade, Leeds LS1 5AL

London T: 0203 327 5000
11 Strand, London WC2N 5HR

Manchester T: 0161 393 6860
82 King Street, Manchester M2 4WQ

Middlesbrough T: 0164 272 7331
Vancouver House, Gurney Street, Middlesbrough TS1 1JL

Newcastle T: 0191 341 0660
4th Floor, Wellbar Central, Gallowgate, Newcastle NE1 4TD

Perth T: 01738 503 400
Saltire House, 3 Whitefriars Crescent, Perth PH2 0PA

Reading T: 0118 918 5000
Phoenix House, 1 Station Hill, Reading RG1 1NB

Stirling T: 01786 237 042
Scotia House, Castle Business Park, Stirling FK9 4TZ

Wokingham T: 0118 313 0700
Albion, Fishponds Road, Wokingham RG41 2QE

Please direct all email enquiries to: E: [email protected]

Contact us: xpsgroup.com

Awards and Affiliations