Assurance Report on Internal Controls (AAF 01/06) October 2017

Contents

1. Chief Executive’s Welcome (page 1)
2. Report by directors of PS Administration Limited (page 3)
3. Structure of the Punter Southall Group (page 4)
4. PS Administration Limited business structure (page 5)
5. Control environment (page 6)
6. Assurance Report by the reporting accountants (page 13)
7. Summary of control objectives and audit findings (page 15)
8. Control procedures and reporting accountants’ tests (page 17)
9. Prospective customer disclaimer letter (page 44)


1. Chief Executive’s Welcome

I am delighted to present this assurance report which describes the control environment within which our pension administration services operate.

PS Administration Limited (PSAL) (a subsidiary of the Punter Southall Group) provides client focused administration solutions for occupational pension schemes. Our 300 pension administration staff provide the full range of services to over 240 trust-based schemes covering some 360,000 members from offices around the UK. In August 2017 we opened our eighth office in Perth, Scotland.

Our business has grown quickly in recent years, with revenues doubling from £9.4m in 2011 to £18.8m in 2016. This growth will continue as a result of a number of large new client wins during 2016 and 2017.

Administration is our core business and we put the member first by focusing on accuracy and the member experience. The high quality, robustness and consistency of our administration services are widely recognised in the market: in March 2017, for the third time in 4 years, we ranked first in Professional Pensions’ survey of Third Party Administrators.

We continuously strive to find ways of improving the level of service delivered to our clients. Our strategy has been to focus on ensuring the delivery of high quality administration services, combined with a commercial proposition that represents value for money. Pension administration has become an increasingly complex occupation and, whilst we have invested significantly in our technology and IT infrastructure over the past 5 years, it is our belief that it is the quality of our people, and the impact they have on the quality of interactions with pension scheme members, that represents our key differentiator.

In support of our requirement to manage a quality controlled administration business, we operate within a governance structure which ensures the clear flow of information and decision making processes. This enables us to react swiftly to regulatory change and stay at the forefront of developments in the industry.

Annual audit 2016–17

The directors of PSAL, previously part of Punter Southall Limited, appointed BDO LLP in 2006 to audit the operation of our procedures and controls in line with the AAF 01/06 requirements. This is the eleventh such annual report that we have published and it covers the period 1 April 2016 to 31 March 2017. It provides information and assurance to our clients and their auditors with regard to the controlled environment within which we operate.

This report has been prepared in accordance with the framework for pension administration services set out in the ‘Technical Release AAF 01/06 on assurance reports on the internal controls of service organisations made available to third parties’ issued by the Institute of Chartered Accountants in England and Wales (ICAEW).

Our control procedures are described in section 8 of this report, together with the testing performed by our external auditors, BDO.


At the time of the audit there were 57 documented operating controls in place relating to the services provided by PSAL. Following their audit BDO noted only 1 exception during the period from 1 April 2016 to 31 March 2017. This exception identified that BDO were unable to obtain evidence that building access was removed on a timely basis after an employee had left the business, although evidence was obtained that system access was removed in a timely manner. We have reviewed BDO’s findings and have put in place additional measures to ensure that this control is fully adhered to in the future.

For specific details relating to the exception noted by BDO and the remedial action taken please refer to control 7.1a (ii) in Section 8. BDO have concluded that all other controls were suitably designed and operating effectively throughout the audit period.

Richard Thomas
Chief Executive
PS Administration Limited


2. Report by directors of PS Administration Limited

As directors of PS Administration Limited (PSAL) we are responsible for the identification of control objectives relating to the provision of pension administration services by PSAL and the design, implementation and operation of PSAL controls to provide reasonable assurance that the control objectives are achieved.

In carrying out those responsibilities we have regard not only to the interests of clients but also to those of the owners of the business and the general effectiveness and efficiency of the relevant operations.

The accompanying description has been prepared for clients who have used the pension administration services and their auditors who have a sufficient understanding to consider the description, along with other information including information about controls operated by clients themselves, when assessing the risks of material misstatements of clients’ financial statements.

We have evaluated the fairness of the description and the design suitability of PSAL controls having regard to the International Standard on Assurance Engagements 3402 (ISAE 3402), issued by the International Auditing and Assurance Standards Board, the Technical Release AAF 01/06 (AAF 01/06), issued by the Institute of Chartered Accountants in England and Wales, and the control objectives for Pension Administration set out in AAF 01/06.

We confirm that:

a. The accompanying description at pages 5 to 12 and 15 to 43 fairly presents PS Administration Limited pension administration services from 1 April 2016 to 31 March 2017. In addition to the control objectives specified in AAF 01/06, the criteria used in making this assertion were that the accompanying description:

i. Presents how the services were designed and implemented, including:

• The types of services provided and, as appropriate, the nature of transactions processed.
• The procedures, both automated and manual, by which client transactions were initiated, recorded and processed; the accounting records and related data that were maintained, reported and corrected as necessary.
• The system which captured and addressed significant events and conditions, other than client transactions.
• The components of the information systems supporting the relevant transactions that protected the confidentiality, integrity and availability of data.
• Other aspects of our control environment, risk assessment process, monitoring and information and communication systems that were relevant to our control activities.

ii. Does not omit or distort information relevant to the scope of the services being described, while acknowledging that the description is prepared to meet the common needs of a broad range of clients and their auditors and may not, therefore, include every aspect of the services that each individual client may consider important in its own particular environment.

b. The controls related to the control objectives stated in the accompanying description were suitably designed as at 1 April 2016. The criteria used in making this assertion were that:

i. The risks that threatened achievement of the control objectives stated in the description were identified.

ii. The identified controls would, if operated as described, provide reasonable assurance that those risks did not prevent the stated control objectives from being achieved.

Richard Thomas
Chief Executive
October 2017
Signed on behalf of the PSAL Board of Directors


3. Structure of the Punter Southall Group

Punter Southall was established in 1988 by Jonathan Punter and Stuart Southall to provide actuarial and administration services to UK pension schemes. The business was originally set up to introduce a fresh, competitive presence to a largely static pension services market and primarily to put client service first. These guiding principles have not changed.

The Punter Southall Group (the Group) has grown significantly over the years and provides a range of financial services including actuarial, consulting, administration, employee benefits consulting, covenant assessment, independent financial advice and investment services for pension funds, corporates and individuals. The Group currently has around 900 employees and advises around 1,200 pension schemes, companies and organisations from a broad spectrum of UK businesses, charities, unions and institutions.

The Group’s administration business, PSAL, increased revenues from £16m in 2015 to £18.8m in 2016, and continues to be widely recognised in the market for its high quality, robustness and consistency. PSAL now provides administration services to some 240 pension schemes with assets of over £32bn. Our client schemes range from 20 to 75,000 members, and in total we serve over 360,000 members.

The Group comprises ‘sister’ subsidiaries, as shown in the following diagram, whose services complement and mutually benefit the rest of the Group.

• Independent pension scheme trustee services: www.psitl.com
• Actuarial consulting: www.puntersouthall.com
• Pensions administration services: www.psadmin.com
• Corporate pensions advice and actuarial services in transactions: www.pstransactions.co.uk
• Investment consulting: www.puntersouthall.com
• DC defined contribution consulting, investment research and member communication services: www.psaspire.com
• Protection, healthcare, wellness and online benefits for employers and consumers: www.pshp.co.uk
• Independent financial advisers: www.psfm.com
• Wealth managers: www.psigma.com
• Investment information, reporting and analytics: www.camradata.com
• Payment improvement and legal claim quantification services: www.puntersouthallanalytics.com


4. PS Administration Limited business structure

PSAL provides client focused administration solutions for occupational pension schemes. We provide the full range of pension administration services to over 240 trust-based schemes currently from 8 offices around the UK, within a structured and quality controlled environment. We seek to provide the highest levels of quality, and continuously strive to find ways of improving the level of service delivered to our clients.

In March 2017 we were ranked first in Professional Pensions’ survey of Third Party Administrators, for the third time in 4 years. Our team of around 300 pension administration staff provides services to a wide range of trust-based company pension schemes, including: defined benefit; defined contribution; career average revalued earnings (CARE) and hybrid schemes.

We use an individual scheme-based approach to administration, with one client team responsible for all aspects of our administration service. This ensures we focus on the needs of our clients and their scheme members, and that the quality controls we apply remain relevant and robust.

In support of our requirement to manage a quality controlled administration business we operate within a governance structure which ensures the clear flow of information and the decision making processes, as shown below. This enables us to react swiftly to regulatory change and stay at the forefront of developments in the industry.

Administration Operations Committee (AOC)
• Responsible for the delivery of high quality services
• Monitors resourcing levels and capacity planning
• Staff development – via Training & Study Sub-Committee
• Operational efficiency initiatives – via Efficiency Sub-Committee
• Monitors the delivery of agreed SLAs & agrees intervention actions
• Oversees continued compliance with legislation and regulation

Risk Management Committee (RMC)
• Oversees risk management framework, including strategic risk
• Sets audit framework, both internal and external audits
• Oversees legal and regulatory framework
• Monitors compliance with legislation, regulation and internal policies
• Works with AOC & EXCO to ensure risks / issues raised & addressed

Strategy Steering Group (SSG)
• Focus on delivery of the 5 year plan
• Strategic oversight
• Responsibility for the pricing of new business contracts

Team Leaders Group (TLG)
• Information exchange
• Delegated decision making
• Consistent approach to delivery
• Feedback to AOC

Deputy Team Leaders Group
• Information exchange
• Delegated decision making
• Consistent approach to delivery
• Feedback to TLG

Admin Services Group (ASG)
• Review and develop quality control framework
• Technical and process analysis of legislative change
• Maintains standard letters and process guidance
• Technical training framework
• Providing support to administration teams via the resolution of specific queries
• Issuing of technical guides, training & awareness to administration teams

Business Services Group (BSG)
• Development and support for business applications
• Management of new business transition projects
• Project support for client teams
• Management of internal business change projects
• Production of management reporting information
• Business interface with IT infrastructure

Client Management Team
• Manage the commercial relationships for Administration only clients
• Ensure the CMT framework is applied for Full Service Contracts where appropriate
• Work with the client teams to deliver shared objectives
• Provide consultancy advice where appropriate
• Liaise with ASG to deliver regulatory & legislative change

Administration Executive Committee (EXCO)
• Delivery of strategy, sets & monitors budgets & KPIs
• Approvals – resourcing decisions, all budget spending, changes to T&Cs
• Enforces continued compliance with legislation and regulation
• Agrees policy & considers response to risk & compliance issues

PSAL Administration Ltd Board
• Business governance
• Strategic review


5. Control environment

5.1 Risk Management

The Punter Southall Group operates a mature risk management governance structure. A sub-committee of the Board, the Group Risk Committee, oversees the overall business risk strategy. This Committee has implemented a risk management framework and risk policy to be used throughout the organisation. These, combined with an effective oversight and governance structure, ensure that the risks the Group faces are identified in a timely manner and are effectively managed.

Our Administration Risk Committee, chaired by the Chief Executive of PSAL, identifies and monitors administration related risks. The committee members have been drawn from all departments within the administration business. This committee meets regularly and reports back to the Group Risk Committee via the Group Risk Manager. The Administration Risk Committee is responsible for the following areas relating to administration:

• Risk management and reporting
• Internal and external audits
• Internal control framework
• Fraud prevention
• Business continuity and disaster recovery
• Compliance with legislation
• Complaints and errors
• Data Protection and Information Security
• Training and development
• Contractual agreements.

5.2 Business Continuity

Business Continuity Management (BCM) is integral to the risk management strategy of the Punter Southall Group. The primary objective of our BCM programme is to ensure that critical business functions and processes are prioritised and can be recovered within predetermined timeframes in response to a major operational disruption. This ensures continuity of our core services and safeguards the interests of all our stakeholders. Our programme is aligned to ISO 22301 and industry good practice.

Each business in the Group has a Business Recovery Plan that prioritises the recovery of its critical processes and details the strategies and resources required to do so. These plans are updated at least annually, or sooner to reflect business change. They are accessible in paper form, held securely off-site by key personnel, as well as electronically via the Group’s network. If any office is inaccessible for more than half a working day, our displacement strategy ensures that critical functions can either continue to work from a dedicated third party work area recovery site, be displaced to another office or work from home.

The Group operates out of two data centres: a Primary production site and a geographically separate Disaster Recovery (DR) data centre. Critical systems and data are replicated from the primary site to the DR site, ensuring that in the unlikely event that the primary site is unavailable, these systems can rapidly be made available from the DR site. The systems at both the primary and DR site are monitored on a constant basis to ensure they are operating as expected, with regular testing to ensure the procedures required to switch to the DR site are current and effective.

Business Recovery Plans are tested twice annually; once focusing on the IT Disaster Recovery elements and once focusing on a denial of access scenario impacting our offices. This approach ensures that the plans and data held within them are tested and validated on a regular basis. All-staff rapid notification tests are also carried out annually.

During the last 12 months we carried out two work area recovery tests to test the Group displacement strategy in a denial of access scenario. These tests confirmed that our displacement strategy remains appropriate. In August 2017 the Group carried out IT Disaster Recovery testing, covering the recovery of business critical systems, including for PSAL. A rolling programme of ongoing tests is planned for 2017 / 2018.

5.3 Information Security

Punter Southall Group (the Group) believes that Information Security is fundamental to the risk management strategy of the Group and takes the protection of our information assets and those of our clients very seriously.

The Group Risk Management Committee (RMC) has responsibility to the Board to ensure the Information Security framework is in place across the Group and working effectively. It is supported by the Information Security Steering Committee (ISSC) which is responsible for ensuring that the annual Information Security Programme (agreed with the RMC) is delivered. The ISSC is also responsible for ensuring that all Group IT systems and data handling are secured in line with current legislation, industry best practices and ISO 27001 standards where appropriate.

The Group has deployed an Information Security Management System (ISMS) based on ISO 27001:2013. To support the ISMS there is a comprehensive suite of Information Security policies which provide staff with formal guidance on how we protect our information, along with an Annual Information Security and Data Protection Awareness training programme. The policies and the controls documented within the suite are mandatory for all staff. These policies are reviewed and updated at least annually and are approved by the Group Board.

The Group’s controls and governance framework are audited on a regular basis as part of the Group’s Internal Audit Programme as well as the AAF 01/06 annual reviews. These controls and the ISMS are aligned to the ISO 27001 standard, which has allowed the Group to gain certification. PSAL extended the scope of its ISO 27001:2013 accreditation to cover all of its clients and offices in December 2016.

The Group has a range of technical controls in place to protect its information assets, including next generation firewalls, Security Information and Event Management software (SIEM) and an Intrusion Protection System (IPS). The Group utilises vulnerability scanning software to regularly check for weaknesses within its systems and applications. These scans are supported by additional independent penetration tests that are carried out by CHECK/CREST approved suppliers.

Information Security policies require that users must employ a complex password to access the Group’s systems, with users forced to change their passwords on a regular basis.

All Punter Southall Group computer systems are only accessible by authorised individuals. All users who require access to Punter Southall Group information systems are assigned a set of unique credentials with access rights that will only allow them access to the information they need to carry out their job function. Access rights for users must be authorised by line managers and specialised technical privileges must be authorised by the IT Operations Manager. Access to client databases is further segregated via security groups and they are only accessible to those staff that work on the particular client. This access is reviewed quarterly.
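The two access controls just described (leaver access removal, which is also the subject of the single exception BDO noted under control 7.1a (ii) in section 1, and the quarterly review of client database security groups) are both evidenced in practice by reconciling exports from the HR, identity and building access systems. The Python below is an added illustration of that reconciliation; it is not part of this report and not PSAL’s own tooling. The CSV export layouts, the one-day removal SLA, and every user, scheme and date in it are constructed assumptions. It reports leavers whose system or building access was removed late or for which no removal evidence exists at all, and members of a client security group who are not on that client’s team roster.

```python
"""Added example: reconcile leaver access removal and review client
security groups. All exports below are constructed sample data."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set

# Assumed removal deadline, in calendar days after the leave date.
# This figure is an assumption for the example, not one from the report.
REMOVAL_SLA_DAYS = 1

# Constructed exports in an assumed "user,YYYY-MM-DD" layout with a header row.
HR_LEAVERS = """user,leave_date
asmith,2016-06-30
bjones,2016-09-15
cpatel,2017-01-20
"""
SYSTEM_REVOKED_EXPORT = """user,revoked
asmith,2016-06-30
bjones,2016-09-16
cpatel,2017-01-20
"""
# Building access: bjones revoked 18 days late, cpatel has no record at all.
BUILDING_REVOKED_EXPORT = """user,revoked
asmith,2016-07-01
bjones,2016-10-03
"""


def parse_export(text: str) -> Dict[str, date]:
    """Parse a 'user,YYYY-MM-DD' export into {user: date}, skipping the header."""
    out: Dict[str, date] = {}
    for line in text.strip().splitlines():
        user, _, day = line.partition(",")
        if user.strip() == "user":
            continue
        out[user.strip()] = date.fromisoformat(day.strip())
    return out


LEAVERS = parse_export(HR_LEAVERS)
SYSTEM_REVOKED = parse_export(SYSTEM_REVOKED_EXPORT)
BUILDING_REVOKED = parse_export(BUILDING_REVOKED_EXPORT)


@dataclass
class LeaverFinding:
    user: str
    access_type: str          # "system" or "building"
    leave_date: date
    revoked: Optional[date]   # None means no evidence of removal
    days_late: Optional[int]  # None when there is no removal record

    @property
    def exception(self) -> bool:
        # Missing evidence is itself an exception, as is late removal.
        return self.revoked is None or self.days_late > 0


def review_leavers(leavers: Dict[str, date],
                   system_revoked: Dict[str, date],
                   building_revoked: Dict[str, date]) -> List[LeaverFinding]:
    """Return one finding per leaver/access type that breaches the SLA or
    lacks a removal record. Both access types are checked independently, so
    timely system removal never masks a missing building access record."""
    findings: List[LeaverFinding] = []
    for user, left in sorted(leavers.items()):
        for access_type, records in (("system", system_revoked),
                                     ("building", building_revoked)):
            revoked = records.get(user)
            late = None
            if revoked is not None:
                late = max(0, (revoked - left).days - REMOVAL_SLA_DAYS)
            findings.append(LeaverFinding(user, access_type, left, revoked, late))
    return [f for f in findings if f.exception]


def review_security_groups(groups: Dict[str, Set[str]],
                           rosters: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Quarterly review: security group members not on the matching client
    team roster. Returns {group: set(users)} for groups with surplus members."""
    surplus: Dict[str, Set[str]] = {}
    for group, members in groups.items():
        extra = members - rosters.get(group, set())
        if extra:
            surplus[group] = extra
    return surplus


# Constructed security group and roster data (assumed scheme names).
GROUPS = {"Scheme-A": {"dlee", "efox", "bjones"}, "Scheme-B": {"dlee"}}
ROSTERS = {"Scheme-A": {"dlee", "efox"}, "Scheme-B": {"dlee"}}

if __name__ == "__main__":
    for f in review_leavers(LEAVERS, SYSTEM_REVOKED, BUILDING_REVOKED):
        evidence = "no removal record" if f.revoked is None else f"{f.days_late} day(s) late"
        print(f"EXCEPTION {f.user} {f.access_type} access: {evidence}")
    for group, users in review_security_groups(GROUPS, ROSTERS).items():
        print(f"REVIEW {group}: not on roster -> {sorted(users)}")
```

Running it prints two leaver exceptions (bjones building access removed 17 days beyond the assumed SLA; cpatel building access with no evidence of removal) and one group review finding (bjones, a leaver, still in the Scheme-A group). Reporting missing evidence separately from late removal matters: the auditor’s finding in section 1 was precisely an absence of evidence, not a recorded late removal.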

5.4 Third Party Management

The Group has a Third Party Management Policy in place to ensure that all suppliers with physical or logical access to information classified Private and Confidential by the Group are effectively managed. The policy ensures the following:

• Third parties are reviewed prior to any access being granted. Access is only allowed if they can demonstrate they comply with the Group’s standards.
• Confidential information is protected when accessed, handled by, or transmitted to third parties.
• There is a standardised approach to identifying, communicating and managing risk introduced by third parties.
• Information Security incidents associated with third party access are identified and managed effectively.

5.5 Training and Development Programme

PSAL’s services encompass a variety of different disciplines within the business. We offer full support to all our employees wishing to sit professional qualifications within their discipline. The majority of our administrators are either studying for, or have attained, professional qualifications established under the Pensions Management Institute.

Following the establishment of PSAL as a new entity we applied for IIP Accreditation in August 2016 and were awarded ‘Silver Status’. The Silver award requires organisations to demonstrate evidence against 115 individual requirements (76 more requirements than those needed to satisfy the conditions of the core IIP standard). IIP is about training and developing staff to enable the company to achieve its aims, visions, goals and strategy. This benefits both the individual and the company, ensuring that all employees are motivated and offered progressive career paths.

We operate a half yearly appraisal system, focusing on both personal and business development. This provides all employees with the opportunity to discuss development opportunities, agree training programmes and work towards clear objectives.

The pension industry is subject to regular legislative changes and, in order to continue providing a high quality service to our clients, it is vital that all our employees are able to react to these changes. Our dedicated technical support teams, with representatives from each discipline, keep abreast of these developments and provide our employees with any training required.

In addition, all employees are required to participate in our mandatory online training programme to ensure they operate in accordance with legislative and Group standards. This programme includes Awareness of Bribery and Corruption, Anti-Money Laundering, Information Security and Data Protection training.

We have a Study and Training Committee in place to help develop and maintain the overall administration training and study support framework, ensuring it meets the needs of the business. This is achieved by developing sufficient technical and procedural expertise to support our quality structure and manage the risk of non-compliance with legislation; developing IT skills to assist efficiency; promoting and supporting the various professional qualifications and assisting with the personal development of our administration staff.

5.6 Compliance

Changes in pension legislation just keep on coming! Our Administration Services Group (ASG) is a central team that assesses the impact of legislative change to identify any issues which impact on our clients and administration processes. Any new compliance requirements and process changes are communicated via ‘Hands on Technical Updates’ backed up by face-to-face discussions with our Administration Managers. ASG also maintains a comprehensive intranet site which is accessible to all administrators, providing a reference source for technical materials as well as procedural guidance, standard letter templates and checklists. All of this ensures compliant processes and a consistent quality of administration.

5.7 Management Information

Our corporate governance structure includes an Executive Committee and an Administration Operations Committee (AOC) which meets on a monthly basis to analyse key management information.

A management information pack is produced on a monthly basis and is distributed to our management group. It has been designed to capture management information on all aspects of the administration business. The statistics provided cover the following:

• Team, client and location performance against Service Level Agreements
• The volumes of work experienced
• An age analysis for any work outstanding at the end of the reporting period
• Analysis of accuracy (at the point of checking / peer review)
• Critical DC processes such as investment and lifestyling processes, control checks
• Financial and staffing information
• Client banking information
• Feedback from member questionnaires received
• A trend analysis covering the prior three and twelve month periods
• An analysis of unresolved errors and complaints recorded.

This provides both our Executive Committee and AOC with a powerful reporting tool that is used to identify any risks or issues, with a view to agreeing rectification measures. There is regular interaction between AOC and the Administration Risk Committee, with representatives from Operations and Risk on both committees.

5.8 Information and Communication

We regularly report back to our clients on our performance against the agreed standards through an administration report which is prepared for each trustee meeting. This report includes details and commentary on various aspects of the running of their scheme, including the following:

• Financials, including contributions received and income and expenditure
• Trustees’ discretions exercised during the period
• Membership statistics
• Service level reports
• Compliance with legislation
• Member satisfaction questionnaires
• Developments / changes within PSAL.

This report has been specifically designed to assist the trustees with meeting their governance requirements in accordance with legislation and the Pensions Regulator’s guidance.

5.9 Administration Technology

We are constantly evaluating and reviewing our administration systems and infrastructure and have introduced a number of significant improvements over the past few years.

PenScope

The platform we use to support our administration service is PenScope. This system was originally developed in-house and in 2009 we entered into an outsourcing contract with the pension software and transition management company, ITM. Accordingly, ITM now own the rights to PenScope and provide support and further development to us under contract. We also own a minority shareholding in ITM and the Chairman of PSAL, John Batting, sits on their Board.

We have made, and continue to make, a significant contribution to the development of the PenScope administration system, to ensure that it represents leading edge technology, and that it fully supports our focus on quality, accuracy and efficiency.

The main features of PenScope are:

• It is designed based on extensive experience of final salary, money purchase, hybrid, cash balance and CARE schemes.
• It is a browser based application with a zero client install.
• The application database is run on the industry standard MS SQL Server, ensuring flexible access to the database content.
• An MS .NET framework provides a centralised and well managed calculation engine coded in the widely used VB.NET programming language.
• Web Services enabling integration routes for third party products and our own member web-access offering.

Member web-access (MyPension.com)

Over the past year we have continued to roll out MyPension.com to a number of our clients, which has enabled them in turn to offer their members online access to the member details we hold on our administration system (PenScope). Trustee access to scheme membership data is also supported via MyPension.com.

Over the last year we have also embarked on a redesign of the platform with a focus on improved client access, through the introduction of responsive design technologies and greater self-service. Phased roll-out to our clients is currently underway.

Some current features for defined benefit schemes include:

• Access for active, deferred and pensioner members to personal details.
• Members can view and amend contact and ‘expression of wish’ details.
• Members can post enquiries directly to their administration team, with the enquiries falling directly into our Business Process Management (BPM) system.
• Where calculations are automated on PenScope, members can perform online calculations and receive immediate online quotations.
• Members can view their personal documents, e.g. benefit statements, leaver statements and e-payslips.
• Members can view scheme documents, e.g. booklets and forms.
• Client (pensions manager or trustee) access with ability to search and view member records.
• Design (logos and colour scheme) can be tailored for a small additional cost to match clients’ corporate branding.

In addition to the above, features for defined contribution schemes include:

• Members can view their latest fund values.
• Request changes to their fund choices and contribution rates.
• Access PS Planner to run pension projections.
• Multi-platform access including browsers, tablet and smart phone.

Alfresco

Alfresco is our converged Electronic Content Management (ECM) and Business Process Management (BPM) system used to create efficient, connected processes that present member and scheme documents to all our administration teams in a single browser interface. By utilising its inbuilt functionality we are able to better manage and audit our administration processes as well as integrate with our administration and reporting systems.

Some of our current highlights include:

• The integration of a Central Member Database (CMDB). This is our master data source for client data pulled from our various administration systems and is used to accurately tag content with the most current, relevant and accurate personal member data.
• Dynamic in-flow check-list guiding administrators through the process and ensuring benefits are accurate and compliant.
• Integration with our reporting systems allowing us to report historical and current work item status and Service Level Agreement counters.

CashFac – Virtual Banking Technology

CashFac is virtual banking software introduced to support our accounting and treasury services, allowing us to adopt full electronic banking and payment functionality. CashFac links to our banking partners to deliver up-to-date transactional information by 8am each day. Thus we have removed the risks associated with paper-based cashiering processes and made significant efficiency gains.

CashFac enables the following:

• Automated payments including BACS, CHAPS and SWIFT.
• Consistent control of all cash management regardless of bank.
• Automatic daily bank account reconciliation.
• Secure, distributed and tailored user access to scheme bank accounts and cash analysis across multiple locations.
• Simultaneous payment and cash analysis in multiple currencies.
• An online audit trail for all transactions and events.
• Tailored reporting based on business criteria.
• Automatic Transaction Matching and Allocation, which suggests matches for receipts that lack the reference data needed for automated matching.
• Integration with Alfresco to allow one-click retrieval of supporting transaction documents.

Over 90% of our clients to whom we provide client banking services have now moved over to CashFac, enabling greater control and security over the service we provide.

NGA HR Payroll Software

All of our client payrolls are managed by our central specialist pension payroll team, who are based in our Newcastle office.

The PS Enterprise application is a proven and comprehensive system that has been engineered to provide key users with all the flexibility and functionality they require to carry out their day-to-day activities effectively and efficiently. It also enables those users to utilise powerful analytical and reporting tools to analyse and distribute information in real time. PS Enterprise is scalable to accommodate many thousands of employees/pensioners. Robust security and comprehensive audit features also ensure the integrity of the solution – all historical information is available online at all times.

Currently we have integration in place that:

• Integrates payroll records added and amended within our CMDB.
• Automates the New Starter process by adding retirements processed on PenScope automatically to the Payroll.
• Automatically publishes pensioner payslips to our member online web portal (MyPension.com).

Altus Investment Gateway (STP)

We have introduced the Altus Investment Gateway into our technology framework to enable ‘Straight Through Processing’ (STP) for both Defined Benefit and Defined Contribution (DC) investments wherever possible. STP is the end-to-end management of investment transactions, utilising technology and automated system controls, to minimise manual intervention and therefore to reduce risks.

With PenScope and the Altus Investment Gateway being fully integrated, we can now load contribution files we receive into the administration system, validate and approve them, pass the details of the instruction into the gateway and send an electronic instruction to the fund managers (utilising the Via Nova standard). This is confirmed as being received and correctly formatted in near real-time. When the deal is complete, confirmation and prices are passed into the gateway from the fund manager, and then back into PenScope to complete the cycle, update member records and also to update the fund/unit reconciliation (all within PenScope).

Profund Aviary

Profund Aviary is an innovative accounting solution created specifically for occupational pension schemes and third-party administrators. The system is designed to turn data into management intelligence with the minimum of time and effort through the use of automation and the ‘Key Once’ philosophy. It was purposely designed to meet the unique demands created by members and investments, rather than suppliers and income as in a conventional ledger. It is used by more than 1,500 schemes, ranging in size and complexity, to manage their pension scheme accounts.

Over the last year we have been phasing in the use of Aviary Draft Accounts Reporting (ADAR), to enable better automation of end of year scheme reporting.

PS Planner

Our multimedia DC projection tool offers the following benefits for scheme members:

• Fully interactive modelling of DC pension projection, consistent with our SMPI approach.
• The ability to see the effect of changing investment strategy, contributions, retirement age, and pension options.
• Full graphical reports that can be downloaded and printed.
• The ability to access the tool from work or home.

Pensions Online Documents (POD)

The Punter Southall Group have developed a secure online document storage facility that allows our clients to store scheme documents and access them remotely via the internet for viewing and/or printing. We currently have a number of clients across the business who have sites set up to access this facility.

It can also be used for posting papers for discussion (at meetings and conference calls) and provides an excellent archive of historic documents. This enables trustees to easily access the most up-to-date version of documents, whilst also being able to access historic documents if required.

Future Technology Developments

As with the enhancements listed above, future developments will be evaluated on the basis of clear business benefits, ranging from risk reduction for ourselves and for our clients to the achievement of greater efficiencies via the intelligent use of technology. We will not step away from our fundamental belief that quality administration requires quality people, and not simply investment in technology.

Our systems development roadmap includes the provision of an enhanced web proposition for clients. The planned enhancements are:

• The replacement of PS Planner with a DC Modeller embedded directly into MyPension.com, enabling direct member record data-feeds and scheme-specific customisation.
• Client (pensions manager or trustee) access to our workflow system to view member casework in progress and/or produce standard reports.
• The migration of our current payroll solution to the NGAHR ResourceLink platform.
• The introduction of ePortal, a web-facing service allowing clients to securely post HR interface files that will be applied to our Administration platform in real-time.

5.10 Client Control Considerations

The control procedures at PSAL relating to pension administration activities cover only a portion of the overall internal control structure of each client account (together termed ‘User Entities’). Each client must evaluate the control procedures detailed below in conjunction with the controls in existence at their own organisation.

This paragraph highlights those control responsibilities that PSAL believes should be present for each client and has considered when developing the control procedures described herein.

The controls described below are intended to address only those controls surrounding the interface and communication between each client and PSAL. Accordingly, this list does not purport to be, and is not, a complete listing of the controls which clients may need to have in place.

• Instructions and information provided to PSAL are in accordance with the provisions of the agreement governing the account or other applicable agreements between PSAL and the client.
• Timely written notification of changes to the client account objectives, guidelines or provisions of the governing agreement is made to PSAL.
• Timely review of reports provided by PSAL is performed by the client and written notice is provided of discrepancies, if any, with the client’s own records.
• Timely review of invoices for fees and written notice of discrepancies, if any, with market values with appropriate client records.
• Timely written notification of changes to individuals authorised to instruct PSAL regarding activities on behalf of the client is made to PSAL.


6. Assurance report by the reporting accountants

Reporting accountants’ assurance report on internal controls of PS Administration Limited

To the directors of PS Administration Limited

Use of report

This report is made solely for the use of the directors, as a body, of PS Administration Limited, and solely for the purpose of reporting on the internal controls of PS Administration Limited, in accordance with the terms of our engagement letter dated 20 February 2017.

Our work has been undertaken so that we might report to the directors those matters that we have agreed to state to them in this report and for no other purpose. Our report must not be recited or referred to in whole or in part in any other document nor made available, copied or recited to any other party, in any circumstances, without our express prior written permission.

We permit the disclosure of this report, in full only, by the directors at their discretion to customers of PS Administration Limited and to the auditors of such customers, to enable customers and their auditors to verify that a report by reporting accountants has been commissioned by the directors of PS Administration Limited and issued in connection with the internal controls of PS Administration Limited, and without assuming or accepting any responsibility or liability to customers or their auditors on our part.

To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the directors as a body and PS Administration Limited for our work, for this report or for the conclusions we have formed.

Subject matter

This report covers solely the internal controls of PS Administration Limited as described in our report for the period 1 April 2016 to 31 March 2017. Internal controls are processes designed to provide reasonable assurance regarding the level of control over customers’ assets and related transactions achieved by PS Administration Limited in the provision of pension administrations services by PS Administration Limited.

Respective responsibilities

The directors’ responsibilities and assertions are set out at page 3 of your report. Our responsibility is to form an independent conclusion, based on the work carried out in relation to the control procedures of PS Administration Limited’s pension administration function carried out at the offices of PS Administration Limited as described in the Report by Directors of PS Administration Limited and report this to the directors of PS Administration Limited.

Criteria and scope

We conducted our engagement in accordance with International Standard on Assurance Engagements (ISAE) 3000 and the Institute of Chartered Accountants in England and Wales Technical Release AAF 01/06.

The criteria against which the control procedures were evaluated are the internal control objectives developed for service organisations as set out within the Technical Release AAF 01/06 and identified by the directors as relevant control objectives relating to the level of control over customers’ assets and related transactions in the provision of pension administration services. Our work was based upon obtaining an understanding of the control procedures as described on pages 17 to 43 and evaluating PS Administration Limited’s assertions as described on page 3 in the same report to obtain reasonable assurance so as to form our conclusion. Our work also included tests of specific control procedures, to obtain evidence about their design and implementation in meeting the related control objectives. The nature, timing and extent of the tests we applied are detailed on pages 17 to 43.

Our tests are related to PS Administration Limited as a whole rather than performed to meet the needs of any particular customer.

55 Baker Street London W1U 7EU Telephone: +44 (0)20 7486 5888 Facsimile: +44 (0)20 7487 3686 DX 9025 West End W1 Website: www.bdo.co.uk

BDO LLP Chartered Accountants


Inherent limitations

PS Administration Limited’s control procedures are designed to address specified control objectives and are subject to inherent limitations and, accordingly, errors or irregularities may occur and not be detected. Such control procedures cannot guarantee protection against (amongst other things) fraudulent collusion especially on the part of those holding positions of authority or trust. Furthermore, our conclusion is based on historical information and the projection of any information or conclusions in the attached report to any future periods would be inappropriate.

Opinion

On page 30 of PS Administration Limited’s control, the description states ‘access cards/key fobs to Punter Southall Group buildings are provided as part of the induction process of a new employee. Upon an employee leaving the organisation, notifications are sent from HR to Building Services to notify them that access needs to be removed. Access cards to buildings are only granted upon notification from HR or the relevant business heads. Access for out of hours working must be authorised by management. Access is disabled within a timely manner of the employee leaving the company and is initiated by HR/Building services. Quarterly reviews are carried out by Building Services to ensure access is appropriate.’

An exception was noted because for one of the samples selected, we were unable to obtain evidence that physical access to the building was removed in a timely manner. We note however that for this leaver, the network and application access was deactivated in a timely manner, thereby restricting access to the PSAL systems.

In our opinion, except for the matters raised above, in all material respects, based on the criteria including specified control objectives described in the directors’ report on page 3:

(a) The description on pages 17 to 43 fairly presents the pension administration services that were designed and implemented throughout the period from 1 April 2016 to 31 March 2017;

(b) The controls related to the control objectives stated in the description on pages 17 to 43 were suitably designed to provide reasonable assurance that the specified control objectives would be achieved if the described controls operated effectively throughout the period from 1 April 2016 to 31 March 2017;

(c) The controls that we tested were operating with sufficient effectiveness to provide reasonable assurance that the related control objectives stated in the description were achieved throughout the period 1 April 2016 to 31 March 2017.

Description of tests of controls

The specific controls tested and the nature, timing and results of those tests are detailed on pages 17 to 43.

BDO LLP Chartered Accountants

Date of Assurance Report: 13 October 2017

BDO LLP
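The one exception in the opinion above is a leaver whose building access could not be shown to have been removed while his network and application access had been. The quarterly review the description relies on is, in effect, a reconciliation of HR leaving dates against access-system deactivation dates, one channel at a time. The following Python is an added example, not tooling from the report, PSAL or BDO: it reconciles a constructed HR leaver list against constructed access-system exports for two channels ("building" for badges/fobs and "network" for accounts) and reports every leaver/channel pair where deactivation is missing, late, or still outstanding once an assumed five-day grace window has passed. The grace window, channel names, review date and all employee records are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed grace window between a leaver's last day and the latest acceptable
# deactivation date. The report only says "a timely manner"; five days is an
# illustrative choice, not a figure from the report.
GRACE_DAYS = 5


@dataclass(frozen=True)
class AccessRecord:
    """One access channel for one employee, as exported from an access system.

    deactivated_on is None when the system still shows the access as active
    (or when no deactivation event was recorded at all)."""
    employee_id: str
    channel: str                   # "building" (badge/fob) or "network" (account)
    deactivated_on: Optional[date]


# Constructed sample data (not from the report): HR leaving dates by employee id.
LEAVERS: Dict[str, date] = {
    "E100": date(2017, 1, 13),
    "E101": date(2017, 2, 3),
    "E102": date(2017, 3, 10),
    "E103": date(2017, 3, 24),
}

# Constructed access-system exports for the same leavers.
ACCESS_RECORDS: List[AccessRecord] = [
    AccessRecord("E100", "building", date(2017, 1, 13)),  # removed on the last day
    AccessRecord("E100", "network", date(2017, 1, 13)),
    AccessRecord("E101", "building", None),               # badge never disabled
    AccessRecord("E101", "network", date(2017, 2, 3)),
    AccessRecord("E102", "building", date(2017, 3, 20)),  # disabled 10 days after leaving
    AccessRecord("E102", "network", date(2017, 3, 10)),
    # E103 has no building record at all, so there is no evidence of removal.
    AccessRecord("E103", "network", date(2017, 3, 24)),
]

REVIEW_DATE = date(2017, 4, 30)  # assumed date of the quarterly review

Finding = Tuple[str, str, str]   # (employee_id, channel, reason)


def review_leaver_access(leavers: Dict[str, date], records: List[AccessRecord],
                         review_date: date, grace_days: int = GRACE_DAYS,
                         channels=("building", "network")) -> List[Finding]:
    """Compare HR leaving dates with per-channel access deactivation dates.

    Returns one finding per (leaver, channel) that fails the control: no
    deactivation record, access still active past the grace window, or access
    removed after the grace window. Leavers whose window has not yet expired
    at review_date are not reported, so a same-week leaver is not a finding."""
    by_key = {(r.employee_id, r.channel): r for r in records}
    findings: List[Finding] = []
    for emp_id, left_on in sorted(leavers.items()):
        deadline = left_on + timedelta(days=grace_days)
        for channel in channels:
            rec = by_key.get((emp_id, channel))
            if rec is None:
                if review_date > deadline:
                    findings.append((emp_id, channel, "no deactivation evidence"))
            elif rec.deactivated_on is None:
                if review_date > deadline:
                    days = (review_date - left_on).days
                    findings.append((emp_id, channel,
                                     f"still active {days} days after leaving"))
            elif rec.deactivated_on > deadline:
                days = (rec.deactivated_on - left_on).days
                findings.append((emp_id, channel,
                                 f"removed late ({days} days after leaving)"))
    return findings


def run_review() -> List[Finding]:
    """Run the review over the constructed sample data."""
    return review_leaver_access(LEAVERS, ACCESS_RECORDS, REVIEW_DATE)


if __name__ == "__main__":
    for emp_id, channel, reason in run_review():
        print(f"{emp_id:6} {channel:9} {reason}")
```

Running the review over the constructed data reports three building-channel findings (E101 still active, E102 removed late, E103 with no record) and none for the network channel, which mirrors the shape of the exception above: the logical-access control held while the physical one did not. Treating "no record" as a finding rather than a pass is deliberate; absence of a deactivation event is exactly the evidence gap the reporting accountants could not close.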

7. Summary of control objectives and audit findings

Ref | Control objectives | Audit findings

1 Accepting clients
• Accounts are set up and administered in accordance with client agreements and applicable regulations.
• Complete and authorised client agreements are operative prior to initiating administration activity.
• Pension schemes taken on are properly established in the system in accordance with the scheme rules and individual elections.
Audit findings: No exceptions noted

2 Authorising and processing transactions
• Contributions to defined contribution plans, defined benefit schemes, or both, and transfers of members’ funds between investment options are processed accurately and in a timely manner.
• Benefits payable and transfer values are calculated in accordance with scheme rules and relevant legislation and are paid on a timely basis.
Audit findings: No exceptions noted

3 Maintaining financial and other records
• Member records consist of up-to-date and accurate information and are updated and reconciled regularly.
• Contributions and benefit payments are completely and accurately recorded in the proper period.
• Investment transactions, balances and related income are completely and accurately recorded in the proper period.
• Scheme documents (deeds, policies, contracts, booklets etc.) are complete, up to date and securely held.
Audit findings: No exceptions noted

4 Safeguarding assets
• Member and scheme data is appropriately stored to ensure security and protection from unauthorised use.
• Cash is safeguarded and payments are suitably authorised and controlled.
Audit findings: No exceptions noted

5 Monitoring compliance
• Contributions are received in accordance with scheme rules and relevant legislation.
• Services provided to pension schemes are in line with service level agreements.
• Transaction errors are rectified promptly and clients treated fairly.
Audit findings: No exceptions noted

6 Reporting to clients
• Periodic reports to participants and scheme sponsors are accurate and complete and provided within required timescales.
• Sign-off by actuarial/admin team confirming benefit statements are ready to go.
• Annual reports and accounts are prepared in accordance with applicable law and regulations.
Audit findings: No exceptions noted

7 Information technology

7.1 Restricting access to systems and data
• Physical access to computer networks, equipment, storage media and program documentation is restricted to authorised individuals.
• Logical access to computer systems, programs, master data, transaction data and parameters, including access by administrators to applications, databases, systems and networks, is restricted to authorised individuals via information security tools and techniques.
• Segregation of incompatible duties is defined, implemented and enforced by logical security controls in accordance with job roles.
Audit findings: * Exception noted. Physical access to the building: we were unable to obtain evidence that physical access to the building was removed for one leaver, from our sample of six leavers selected to test the physical access removal controls. We note however that for this leaver, the network and application access was deactivated in a timely manner, thereby restricting access to the PSAL systems.

7.2 Providing integrity and resilience to the information processing environment, commensurate with the value of the information held, information processing performed and external threats
• IT processing is authorised and scheduled appropriately and exceptions are identified and resolved in a timely manner.
• Data transmissions between the service organisation and its counterparties are complete, accurate, timely and secure.
• Appropriate measures are implemented to counter the threat from malicious electronic attack (e.g. firewalls, anti-virus etc.).
• The physical IT equipment is maintained in a controlled environment.
Audit findings: No exceptions noted

7.3 Maintaining and developing systems hardware and software
• Development and implementation of new systems, applications and software, and changes to existing systems, applications and software, are authorised, tested, approved and implemented.
• Data migration or modification is authorised, tested and, once performed, reconciled back to the source data.
Audit findings: No exceptions noted

7.4 Recovering from processing interruptions
• Data and systems are backed up regularly, retained offsite and regularly tested for recoverability.
• IT hardware and software issues are monitored and resolved in a timely manner.
• Business and information systems recovery plans are documented, approved, tested and maintained.
Audit findings: No exceptions noted

7.5 Monitoring compliance
• Outsourced activities are properly managed and monitored.
Audit findings: No exceptions noted

8. Control procedures and reporting accountants’ tests

1. Accepting clients

Accounts are set up and administered in accordance with client agreements and applicable regulations.

Control activity and description | BDO test procedures

1.1 Process
Due diligence checks, including Anti-Money Laundering (AML) procedures, are completed as part of the initial client set-up process. No appointment is accepted until the process is completed.

An Anti-Money Laundering Verification form is completed by the Client Manager and forwarded to PS Administration Limited’s compliance department.

Control
PS Administration Limited’s compliance department maintains a central database to record that verification forms have been completed for all new clients prior to the commencement of the contract.

BDO test procedures
We verified that PS Administration Limited’s Compliance Department maintained a central database to record that verification forms had been completed for all new clients prior to the commencement of the contract.

For the sample of new clients selected, verified through the inspection of documentation that due diligence checks, including AML procedures, had been completed as part of the initial client set-up process. No appointments were accepted until the process had been completed.

No exceptions noted

1.2 Process
Following appointment, a ‘handover period’ is agreed with a date when full administration will commence. All scheme data and documentation is requested from the current administrator. A standard data request form is used to ensure that all relevant data and information is requested.

Control
When information is received, a basic check is conducted by the Client Team or Business Services Group (BSG) (where relevant) to ensure that the correct information/data has been received. Items received are checked off against the data request form and the installation checklist by the Client Team.

BDO test procedures
For a sample of new clients selected, verified through the inspection of documentation that when information is received, a check is conducted by the Client Team or BSG (where relevant) to ensure that the correct information/data had been received. Verified through the inspection of documentation that items received are checked off against the data request form and the installation checklist by the Client Team.

No exceptions noted

1.3 Process
Data received is verified, reviewed and loaded by the supervisor.

Control
Once the supervisor/client lead is satisfied that the data is complete and valid, it is loaded on to the relevant systems. Completion of the transfer of data is evidenced by a formal sign-off from the supervisor/client lead. The migration to the relevant systems is confirmed by BSG once the system is released to live.

BDO test procedures
For a sample of clients selected, verified through the inspection of documentation that once the supervisor/client lead was satisfied that the data was complete and valid, it is loaded on to the relevant systems. Completion of the transfer of data was evidenced by a formal sign-off from the supervisor/client lead. Further verified through the inspection of documentation that the migration to the relevant systems was confirmed by BSG once the system is released to live.

No exceptions noted

1.4 Process
DC records are set up to mirror totals held by the previous administrator in accordance with individual elections.

Controls
Totals are reconciled to the previous administrator’s totals for each investment fund, and individual records are spot-checked by the supervisor. Any differences or anomalies are identified and corrective action is taken as necessary.

BDO test procedures
For a selected sample, verified through the inspection of documentation that the migration totals were reconciled to the totals held by the previous administrator and confirmed that where differences or anomalies were identified, these were investigated and corrected. The migration reconciliation was signed off by the administrator responsible and reviewed by their supervisor.

No exceptions noted

1.5 Process
The BSG Team (where involved) along with the Client Team manage and monitor the client take-on process. Progress of the implementation is reported on according to the communication strategy agreed for the project.

Control
Any issues identified during the process are resolved with the previous administrator or the sponsoring employer. Once all stages have been completed, the project is closed off by the Project Manager or the Client Lead, where appropriate.

BDO test procedures
For a sample of schemes selected, verified through the inspection of documentation that any issues identified during the process are resolved with the previous administrator or the sponsoring employer. Once all stages had been completed, the project was closed off by the Project Manager or the Client Lead, where appropriate.

No exceptions noted

1.6 Process
An application to set up a new scheme bank account is completed by the administrator or cashier if required by the terms and conditions agreed with the client. The application is signed by the trustees with a mandate granting signing rights to authorised signatories within PS Administration Limited.

Control
The cashier team will process payments in accordance with the bank mandate which has been authorised by the Trustees.

BDO test procedures
For a sample of clients selected, verified through the inspection of documentation that the cashier team processed payments in accordance with the bank mandate which had been authorised by the Trustees.

No exceptions noted

Complete and authorised client agreements are operative prior to initiating administration activity.

1.7 Process
A tailored, client-specific administration agreement which includes an administration and data protection agreement is drawn up, reviewed and amended as required.

Control
Work only commences once the appointment documentation has been acknowledged by the trustees in writing.

BDO test procedures
For a sample of new scheme clients selected, verified through the inspection of documentation that work only commences once the appointment documentation has been acknowledged by the trustees in writing.

No exceptions noted

Pension schemes taken on are properly established in the system in accordance with the scheme rules and individual elections.

1.8 Process
The client team define the calculation requirements for the scheme and identify the automation methodology to be used – PenScope, spreadsheet functionality or manual calculations. Appropriate sections are set up on PenScope to reflect the scheme rules and individual elections. Calculations are specified in accordance with the scheme rules. Where PenScope automation is selected, ITM Ltd programmes the calculations.

Control
Calculations and automation methodology for each section to be coded are identified by the client team and signed off by the Client Lead. Approval for the calculations to be programmed is authorised by the Managing Director or such individuals who have delegated authority.

Calculation specifications for each section to be coded are created by the Client Team/BSG. These specifications are then signed off by the Client Lead or the Scheme Actuary (where specified by the client).

A sample of calculations is manually recalculated in accordance with the scheme rules and checked by the supervisor to confirm that the results match. ITM Ltd programmes the calculations to the specifications and test cases provided. Once the Client Team/BSG have completed testing and resolved any issues with ITM Ltd, formal sign-off is required before the calculations are released.

Where manual or spreadsheet automation is to be provided, calculations are set up in accordance with the calculation specifications and results are tested against test cases provided. The calculation methodology adopted is signed off by the Client Lead or the Scheme Actuary (where specified by the client) before being released.

BDO test procedures
For a sample selected, verified through the inspection of systems and documentation that the client team defined the calculation requirements of the scheme and identified the automation methodology. Further, verified that appropriate sections of PenScope were set up, tested to verify that they were operating in accordance with scheme rules, and authorised by the appropriate parties prior to go-live.

For a sample of calculations, verified that manual recalculations occurred and were checked by the appropriate person to confirm that the results matched. Verified through the inspection of documentation that ITM Ltd had programmed the calculations and that these had been tested and signed off before implementation in the live environment.

For a sample of manual calculations, verified that the calculations were set up in accordance with the calculation specifications and that the calculation methodology was signed off by the appropriate person.

No exceptions noted

2. Authorising and Processing Transactions

Contributions to defined contribution plans, defined benefit schemes, or both, and transfers of members’ funds between investment options are processed accurately and in a timely manner.

Control activity and description | BDO test procedures

2.1 Process
DC contributions are allocated in accordance with members’ choices as advised on client monthly schedules. Investment instructions are sent to the investment manager. The investment manager sends a transaction note from which the system price is updated.

Where schemes are set up to enable STP, investment instructions are sent electronically to the Investment Manager. Electronic success/failure confirmations from the Investment Manager are automatically sent back when processed. Updated unit holdings and system prices are automatically received daily from the Investment Manager.

Control
The total contribution amount allocated is reconciled to the total on the client schedule by an administrator and signed off by the supervisor. System units are reconciled to manager units monthly by an administrator and signed off by the supervisor. Unallocated balances are reviewed and investigated with remedial action being taken as necessary.

Straight Through Processing (STP) instructions are checked and approved in the Altus Gateway by the Checker or Checker Manager. The status of electronic transactions is monitored by the administrator and supervisor. An email alert is sent to the BSG if system prices are not automatically updated and corrective action is taken as necessary.

BDO test procedures
For a sample of schemes selected, verified through the inspection of documentation that the total amount allocated was reconciled to the total on the client schedule by an administrator and signed off by the supervisor.

Furthermore, verified through the inspection of documentation that STP transactions were also reviewed and approved in the Altus Gateway by two separate people and the status of electronic transactions was monitored by the administrator and supervisor.

No exceptions noted

21Assurance Report on Internal Controls (AAF 01/06) – October 2017

2.2 Process

Lifestyle switches are activated by the DC admin system. Instructions to disinvest and invest member and lifestyle switches are sent to the investment managers.

Where schemes are set up to enable Straight Through Processing (STP), investment instructions are sent electronically to the investment manager. Electronic success/failure confirmations from the investment manager are automatically sent back when processed.

Control

The relevant checklist is completed by an administrator and signed off by the supervisor. Lifestyling is triggered in accordance with the lifestyling matrix.

System units for lifestyle switches are reconciled to manager units by an administrator and signed off. Any differences or anomalies are identified and corrective action is taken as necessary.

STP instructions are checked and approved in the Altus Gateway by the checker or checker manager. The status of electronic transactions is monitored by the administrator and supervisor.

BDO test procedures

For the sample of schemes selected, verified through the inspection of documentation and enquiry that lifestyle switches were activated by the DC admin system. The lifestyle switches were executed in accordance with the lifestyling matrix and a checklist was signed off by the administrator and the approver. System units for lifestyle switches were reconciled to manager units by the administrator and signed off with differences or anomalies investigated and corrected if necessary.

For the sample of schemes selected, verified through the inspection of documentation that the STP instructions in the Altus gateway were reviewed and approved by the checker and checker manager.

No exceptions noted

2.3 Process

DB contributions are received from the client. A cashflow forecast is completed by an administrator, checked and signed off in accordance with the specific procedure for each scheme by the supervisor. Funds are invested/disinvested as per the cashflow results.

Control

The cashflow forecast for investments is checked and any errors are corrected before investment/disinvestment.

Where subsequent changes are required to allow for any cash movements between date of forecast and actual investment/disinvestment, this must be clearly authorised by the supervisor. Cashflow reports are issued to clients where agreed.

BDO test procedures

For the sample of schemes selected, verified through inspection of documentation that the cashflow forecasts were completed by an administrator, reviewed for accuracy and signed off by the supervisor. We note that for a sample of one month for a particular scheme, no cashflow forecast was prepared as the disinvestment of funds for the previous month had just been received and there was no further change to any cash movement.

For the sample of schemes selected, verified through the inspection of documentation that the cashflow forecasts were reviewed for accuracy and any errors were corrected before investment/disinvestment.

No exceptions noted


Benefits payable and transfer values are calculated in accordance with scheme rules and relevant legislation and are paid on a timely basis.

2.4 Process

Benefit calculations are either generated automatically by the system (as programmed), or manually by reference to the rules. The workflow system ensures that each case is done and independently checked.

Control

The process is checked by another administrator using the electronic checklist on Alfresco to identify any errors/omissions. Remedial action is then taken where necessary.

The checklist ensures all necessary steps in the process have been followed and completed before the case can be authorised by an appropriate individual.

For those processes where the workflow system is in place, the system ensures that each process is completed by an administrator and independently checked by an authorised person. The process can only be authorised once all of the required steps have been completed.

Calculation details are only issued once the workflow has been fully authorised. The authorised person will also use the checklist to ensure that all stages have been completed and are accurate.

BDO test procedures

For the sample of schemes selected, verified through the inspection of documentation that calculations were signed off by a preparer and a reviewer and checklists were completed signifying that all actions had been completed. Further, verified that the approved calculation was accurately communicated to members.

No exceptions noted

2.5 Process

As part of the payroll process an exceptions report is printed for review by the supervisor. The report highlights any starters, leavers or adjustments to gross pay being processed that month.

Control

Payroll differences from one month to the next are reconciled by a payroll administrator, checked and signed off by an authorised person. Any discrepancies are resolved before payment is made.

The payroll is approved by two authorised signatories for transmission by the BACS bureau. A monthly timetable is used to monitor the processing of each scheme's payroll. The timetable is monitored and maintained by the payroll supervisor to ensure the deadlines are met.

BDO test procedures

For a sample of schemes selected, verified through the inspection of documentation and systems that as part of the payroll process, an exception report is produced and reviewed and payroll differences are reconciled to the previous month, resolved and approved by an authorised signatory.

For the sample of schemes selected, verified through the inspection of documentation that payroll is signed off by at least two individuals.

For the sample of schemes selected, verified through the inspection of documentation that a monthly timetable is maintained by a payroll supervisor to monitor the processing of each scheme's payroll.

No exceptions noted


3. Maintaining financial and other records

Member records consist of up to date and accurate information and are updated and reconciled regularly.

Control activity and description | BDO test procedures

3.1 Process

Scheme data is amended on an ad-hoc basis. Modifications to membership data are processed in accordance with mail, telephone, fax or email requests from members or scheme-authorised personnel.

All requests received are logged onto the workflow system to ensure all cases are actioned.

Control

For those processes where the workflow system is in place, the system ensures that each process is completed by an administrator and independently checked by an authorised person. The process can only be authorised once all of the required steps have been completed. The authorised person reviews the electronic checklist on Alfresco to ensure that all necessary steps have been completed.
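The maker/checker gate described in 2.4 and 3.1 (every checklist step completed, a checker independent of the maker, and release only after authorisation) modelled as an added example; this is illustrative code, not PSAL's workflow system or Alfresco, and the class, step names and user ids are hypothetical.

```python
"""Maker/checker workflow gate with segregation of duties (added example).

Models the control in the report: a case can only be authorised once every
required step is complete and the authoriser is not the person who prepared it;
calculation details or amendments are released only after that authorisation.
WorkflowCase, ControlViolation and all step/user names are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class ControlViolation(Exception):
    """Raised when an action would breach the maker/checker control."""


@dataclass
class WorkflowCase:
    case_id: str
    checklist: Tuple[str, ...]                 # required steps for this process
    maker: Optional[str] = None                # administrator who prepares the case
    checker: Optional[str] = None              # independent authoriser
    done_by: Dict[str, str] = field(default_factory=dict)  # step -> user
    authorised: bool = False

    def complete_step(self, step: str, user: str) -> None:
        """Record a checklist step; only the maker may work the case."""
        if self.authorised:
            raise ControlViolation(f"{self.case_id} already authorised; reopen via a new case")
        if step not in self.checklist:
            raise ControlViolation(f"{step!r} is not on the checklist for {self.case_id}")
        if self.maker is None:
            self.maker = user
        elif user != self.maker:
            raise ControlViolation(f"{user} is not the maker of {self.case_id}")
        self.done_by[step] = user

    def outstanding(self) -> List[str]:
        """Steps not yet completed, in checklist order."""
        return [s for s in self.checklist if s not in self.done_by]

    def authorise(self, user: str) -> None:
        """Checker sign-off: refused if incomplete or if checker == maker."""
        if self.maker is None:
            raise ControlViolation(f"{self.case_id} has not been prepared")
        if user == self.maker:
            raise ControlViolation("checker must be independent of the maker")
        missing = self.outstanding()
        if missing:
            raise ControlViolation(f"checklist incomplete: {missing}")
        self.checker = user
        self.authorised = True

    def can_issue(self) -> bool:
        """Details are only issued once the workflow is fully authorised."""
        return self.authorised and self.checker is not None and self.checker != self.maker


def demo() -> WorkflowCase:
    """Walk one hypothetical benefit calculation through the gate."""
    case = WorkflowCase("CALC-0001", ("rules checked", "calculation reviewed", "letter drafted"))
    case.complete_step("rules checked", "adm1")
    case.complete_step("calculation reviewed", "adm1")
    try:
        case.authorise("sup1")            # refused: a step is outstanding
    except ControlViolation:
        pass
    case.complete_step("letter drafted", "adm1")
    try:
        case.authorise("adm1")            # refused: maker cannot check own work
    except ControlViolation:
        pass
    case.authorise("sup1")                # accepted
    return case


if __name__ == "__main__":
    c = demo()
    print(c.case_id, "authorised by", c.checker, "issuable:", c.can_issue())
```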

BDO test procedures

For a sample of amendments, verified through the inspection of the system that a workflow existed in Alfresco for scheme data amendments and each of the sample amendments had a "maker" and a "checker".

No exceptions noted

3.2 Process

Scheme data is kept up to date through periodic (usually annual) data loads from the employer's payroll and HR data records.

Control

Renewal checks are conducted to highlight possible errors such as significant changes in salary. These are investigated and resolved by administrators prior to data being loaded. Once queries have been resolved, the data is uploaded to the relevant administration database.

A year end checklist is prepared by an administrator and signed off by the supervisor to confirm the completeness and accuracy of the data loaded.

BDO test procedures

For a sample of schemes selected, verified through the inspection of systems and documentation that scheme data was kept up to date through periodic data loads from the employer's payroll and HR data records.

For the sample of schemes selected, verified through the inspection of systems and documentation that a year-end checklist was used to manage the annual data check process and had been completed and authorised appropriately.

No exceptions noted


Contributions and benefit payments are completely and accurately recorded in the proper period.

Control activity and description | BDO test procedures

3.3a Process

Contributions, receipts and payments are accounted for in the nominal ledger by posting from the bank statement or source documentation.

Control

All cash movements are recorded promptly and reconciled to the bank each month by the cashier. This is reviewed and signed off by the supervisor. Any necessary amendments are made and authorised.

Uncashed cheques are monitored on a monthly basis by the cashier and reviewed by the supervisor.

BDO test procedures

For a sample of schemes selected, verified through the inspection of systems and documentation that contributions, receipts and payments were accounted for in the nominal ledger by posting from the bank statement or source documentation.

For the sample of schemes selected, cash movements were reconciled to the bank statements and subsequently signed off by the supervisor. These reconciliations were also used to monitor uncashed cheques.

No exceptions noted

3.3b Process

Accounting and administration records are reconciled to one another annually by the accountant. This is reviewed and signed off by the checker.

Control

Any discrepancies identified under the reconciliation are corrected as necessary.

BDO test procedures

For the sample of schemes selected, obtained supporting documentation and verified that reconciliations are reviewed and signed off by the checker. Any discrepancies noted are resolved accordingly.

No exceptions noted

3.3c (IPS only) Process

Accounting and administration records are reconciled to one another annually by the accountant. This is reviewed and signed off by the supervisor.

Control

Any discrepancies identified under the reconciliation are corrected as necessary.

BDO test procedures

For the sample of schemes selected, obtained supporting documentation and verified that reconciliations are reviewed and signed off by the supervisor. Any discrepancies noted are resolved accordingly.

No exceptions noted

Investment transactions, balances and related income are accurately recorded in the proper period.

Control activity and description | BDO test procedures

3.4 Process

All movements between the scheme and the investment managers are recorded by the cashiering team.

Control

These transactions are reconciled at least annually by the accounts team.

BDO test procedures

For the sample of schemes selected, obtained a copy of the reconciliations performed and the year-end checklist and verified that accounts are reconciled at least annually by the accounts team.

No exceptions noted


Control activity and description | BDO test procedures

3.5 Process

All movements between the scheme and the investment managers are recorded by the cashiering team.

Control

Investment transactions are reconciled at least annually by the accounts team.

BDO test procedures

For the sample of schemes selected, inspected supporting documentation and verified that client files are held within network drives with restricted access.

No exceptions noted

4. Safeguarding assets

Member and scheme data is appropriately stored to ensure security and protection from unauthorised use.

Control activity and description | BDO test procedures

4.1 Process

Physical access to buildings is restricted, ensuring only authorised personnel or authorised visitors gain access to work stations.

Member and scheme data is retained in a combination of electronic media and paper files.

Control

All entries and exits have security locks and all staff are issued access cards or key fobs.

All computer records and data held for members are password protected and have restricted access controls for authorised staff only.

Punter Southall Group have archived paper filing off-site to a specialist organisation thereby ensuring only current cases are required and retained within the work area. Punter Southall Group also utilise scanning of inbound and outbound mail using an electronic document management system.

Where client agreement is in place member files are scanned once the relevant process is completed and paper files are securely destroyed.

BDO test procedures

For the sample selected, verified through observation and inspection of documents that access cards to PSG buildings were provided as part of the induction process for a new employee. Verified that they were only granted upon notification from HR or relevant business heads and, for out of hours access, by management.

For the sample selected, verified through the inspection of documentation that a notification was sent from HR to Building Services to notify them of leavers whose access to the building needed to be removed during that week.

Verified through the inspection of documentation that a quarterly review was carried out by Building Services.

For the sample of schemes selected, verified through the inspection of systems that there is electronic access security in place and confirmed that user groups are used to appropriately restrict access to scheme data and that all computer records and data held for members are password protected and have restricted access. Only authorised staff had access to electronic files.

Verified through the inspection of documentation that a contract between Punter Southall and third party archiving specialists is in place so that only current cases that are required are kept within the work area, and that these services had been used during the period.

No exceptions noted


5. Monitoring compliance

Contributions received in accordance with scheme rules and relevant legislation.

Control activity and description | BDO test procedures

5.1 Process

The cashiering team record receipt of all contributions received.

Control

Checks are run in accordance with the requirements under the Pensions Act 1995 and trustee practice for each scheme, e.g. for most schemes the cashier checks payments have been received by the 12th of the month, with a final check for the rest of the schemes on the 20th of the month.

Administrators are advised which contributions are outstanding and follow up action is taken if necessary by the administrator. The administrator will pursue the employer for payment.

BDO test procedures

For a sample of schemes selected, verified through the inspection of documentation that there were reviews of the contributions received list to verify that payments were made around the 12th of each month.

Verified through inspection of documentation that there is a second and final review undertaken of the contributions received list to confirm that payments were made and this includes the follow up of missing or late payments.

No exceptions noted

Cash is safeguarded and payments are suitably authorised and controlled.

4.2 Process

Cash movements are recorded on a daily basis. Cheques received are logged upon receipt and banked promptly by a member of the cashier team unless subject to any query. Payment request forms for cheques and BACS transfers are supplied by the administrators to the cashiers team. Scheme expenses are submitted to the cashier department with a payment request form.

Control

Payment request forms are checked and authorised by a supervisor. Payment instructions are signed or authorised electronically by two authorised signatories in accordance with the bank mandate. The cashier checks against client specific limits and authorised signatories shown on customised forms. Where CashFac is in place, only authorised signatories have the ability to sign electronically.

The cashier arranges the signature of cheques and electronic transfers in accordance with the bank mandate for each scheme. Payment of expenses is approved only if the payment form is authorised by a scheme officer or trustee or is within specific agreed signing requirements for the relevant scheme.

BDO test procedures

For the sample of schemes selected, verified through inspection of systems and documentation that cash receipts were logged upon receipt in the scheme cash book and banked promptly and that the details matched the bank statements.

For the sample of scheme payments selected, verified that payment request forms were filled in by a member of the administration team, authorised by a supervisor and payment instructions were signed by authorised signatories after being reviewed against client-specific limits and shown on customised forms.

Verified that CashFac was used for the sample selected and that only authorised signatories could sign electronically. Where CashFac was not used, obtained written confirmation that these were manually completed. Payment of expenses was only approved if the payment form was authorised by a scheme officer or trustee unless it was within the specific agreed signing requirements for the relevant scheme.

No exceptions noted


Services provided to pension schemes are in line with service level agreements.

5.2 Process

Day to day work is logged on to the workflow management system and logged off when completed.

Control

Deadlines are monitored by the administrators to ensure they are met. Regular reports are produced at both a team and management level in order to ensure that standards are being maintained.

BDO test procedures

Verified through enquiry and observation that day to day work was logged on to the workflow management system and logged off when completed.

For a sample of schemes, verified through the inspection of documentation that deadlines were monitored by the administrators to confirm they were met and that regular reports were produced at both a team and management level in order that the standards and requirements outlined for each scheme were being maintained. Confirmed reports were prepared and reviewed by separate individuals.

No exceptions noted

Transaction errors are rectified promptly and clients treated fairly.

5.3 Process

The administrator checks transactions to ensure that they are in accordance with relevant instructions. The administrator will ask the manager to rectify any transaction issues in a timely manner. If an error is discovered during the course of an audit this must be raised with the manager.

Control

For DC schemes the PenScope reconciliation report will highlight any issues. Once any issues have been resolved, the reconciliation report is re-run by the administrator and checked to ensure it agrees.

The admin Client Principal will ascertain whether there has been any material loss to the client and authorise payment if required. All errors or complaints are recorded by the team leader on the errors and complaints database.

BDO test procedures

For a sample of schemes selected, verified through the inspection of documentation that the administrator reviewed transactions to verify that they were in accordance with relevant instructions. Any error discovered during the course of an audit was raised with the manager.

For a sample of schemes selected, verified through the inspection of documentation that for DC schemes, the PenScope reconciliation report highlighted any issues and that once any issues had been resolved, the reconciliation report was re-run by the administrator and was reviewed to verify it agrees. Verified no differences in the reconciliations.

Verified through the inspection of documentation and observation that all errors or complaints were recorded by the team leader on the errors and complaints database.

No exceptions noted


6. Reporting to clients

Periodic reports to participants and scheme sponsors are accurate and complete and provided within required timescales.

Control activity and description | BDO test procedures

6.1 Process

Administration reports, which may include membership movement analysis and reconciliations, are produced on the basis and frequency agreed with the scheme trustees.

Where requested by the trustees, quarterly administration reports are produced and distributed to scheme trustees.

Control

The administration reports are checked for completeness and accuracy and peer reviewed prior to being issued. Scheme annual events are monitored on a regular basis by the administrator.

BDO test procedures

For the sample of schemes selected, verified through the inspection of documentation that the reports were checked for completeness and accuracy and peer reviewed prior to being issued. Scheme annual events were monitored on a regular basis by the administrator.

No exceptions noted

6.2 Process

Benefit statements are produced annually from data held on the administration system and are despatched within timescales agreed with trustees.

Control

Checks are conducted in accordance with the benefit statement procedure and signed off in line with the benefit statement process.

BDO test procedures

For the sample of schemes selected, obtained and reviewed supporting documentation and verified that checklists were completed in accordance with the benefit statement procedure policy.

No exceptions noted

Annual reports and accounts are prepared in accordance with applicable law and regulations.

Control activity and description | BDO test procedures

6.3 Process

Annual report and accounts are prepared in compliance with the latest Statement of Recommended Practice (SORP) for pension schemes based on a standard reporting format.

Control

The accountant updates the standard reporting format to take into account any changes in legislation. Annual accounts are prepared and then checked by a checker prior to audit. Audited accounts once approved are signed off by the trustees.

BDO test procedures

For the sample of clients selected, verified through the inspection of documentation that the accountant updates the standard reporting format to take into account any changes in legislation. Annual accounts are prepared and then checked by a checker prior to audit. Audited accounts, once approved, are signed off by the trustees.

No exceptions noted


6.4 Process

Deadlines for the finalisation and approval of audited accounts are monitored by administrative and accounting staff on a regular basis.

Control

A control sheet detailing progress and accounts deadlines is monitored regularly by the accounts manager and any necessary action is taken. The report is circulated to the management group monthly for information.

Where requirements are in place, a timetable is agreed with the auditors detailing the key stages of the audit.

BDO test procedures

For the sample of schemes selected, verified through the inspection of documentation that a control sheet detailing progress and accounts deadlines was monitored regularly by the accounts manager and any necessary action was taken. The report was circulated to the management group monthly for information.

Where requirements are in place, a timetable was agreed with the auditors detailing the key stages of the audit.

No exceptions noted

Regulatory reports are made if necessary.

6.5 Process

Documented internal procedures are followed by administrators who log all breaches in the breaches log and notify relevant management.

Control

Reports of breaches are made as necessary under a traffic light reporting system. The managers will assess and refer where necessary to another manager. All "amber" or "red" reports made to the Regulator are copied to the admin risk committee which monitors reports across the company.

BDO test procedures

Verified through the inspection of documentation that reports were made as necessary under a traffic light reporting system. The managers will assess and refer where necessary to another manager. All "amber" or "red" reports made to the Regulator are copied to the admin risk committee which monitors reports across the company.

No exceptions noted


7.1 Restricting access to systems and data

Physical access to computer networks, equipment, storage media and program documentation is restricted to authorised individuals.

Control activity and description | BDO test procedures

7.1a (i) Process

The Punter Southall Group operates its systems out of dual high availability data centres in geographically diverse locations. Access is approved to a limited number of IT Operations staff only and there are a number of physical and logical controls in place to prevent unauthorised access.

Control

Keys and key codes are authorised by the ITS Operations Manager and restricted to authorised individuals. Authorised individuals can admit others (e.g. engineers) but will continuously supervise them.

All office entrances and exits are locked and access is by key cards/fobs issued to staff. Visitors have restricted access, and must sign in.

BDO test procedures

Verified through the inspection of documentation that PSG operates its systems out of dual high availability data centres in geographically diverse locations.

Verified through the inspection of documentation that no requests were made for access during the period.

Verified through observation and the inspection of documentation that there were a number of physical and logical controls in place to prevent unauthorised access.

Verified through observation that authorised individuals could admit others but would continuously supervise them.

Verified through observation that all office entrances and exits were locked and access was by key cards/fobs issued to staff.

Verified through observation and the inspection of documentation that visitors had restricted access and must sign in.

No exceptions noted

7.1a (ii) Process

Access cards/key fobs to Punter Southall Group buildings are provided as part of the induction process of a new employee. Upon an employee leaving the organisation, notifications are sent from HR to Building Services to notify them that access needs to be removed.

Quarterly reviews are carried out by Building Services to ensure access is appropriate.

Control

Access cards to buildings are only granted upon notification from HR or the relevant business heads. Access for out of hours working must be authorised by management.

Access is disabled within a timely manner of the employee leaving the company and is initiated by HR/Building Services.

BDO test procedures

For the sample selected, verified through observation and inspection of documents that access cards to PSG buildings were provided as part of the induction process for a new employee. Verified that they were only granted upon notification from HR or relevant business heads and, for out of hours access, by management.

For the sample selected, verified through the inspection of documentation that a notification was sent from HR to Building Services during that week to notify them of leavers whose access to the building needed to be removed.

Verified through the inspection of documentation that a quarterly review was carried out by Building Services.

Exception noted*

* Exception noted:

We were unable to obtain evidence that physical access to the building was removed for one leaver, from our sample of six leavers selected to test the physical access removal controls.

We note however, that for this leaver, the network and application access was deactivated in a timely manner, thereby restricting access to the PSAL systems.


7.1a (iii) Process

Laptops are encrypted and configured to have password protections on boot before issue. Portable media ports are disabled on thin clients. All laptops and desktops are configured to enforce encryption on any portable media device inserted.

Control

Quarterly reports on all laptops docked to the network are run to identify those staff who have been provided with local administration permissions, and the results are reviewed by the Group IT Operations Manager and authorised by a Senior Consultant. Exceptions are reported to a PS Administration Limited Director.

BDO test procedures

Verified through the inspection of documentation and system settings that laptops were encrypted and configured to have password protections on boot.

Verified through the inspection of documentation and system settings that portable media ports were disabled on thin clients.

Verified through the inspection of documentation and system settings that all laptops and desktops were configured to enforce encryption on any portable media devices inserted.

For the sample of quarters selected, verified through the inspection of documentation that quarterly reports were run on all laptops docked to the network to identify those staff that had been provided with local administration permissions and that the results were reviewed by the Group IT Operations Manager and authorised by a Senior Consultant.

No exceptions noted

7.1a (iv) Process

Application documentation is either stored electronically under password control or, if temporarily in paper form, it remains under the control of the individual until they destroy the paper copy.

A clear desk policy is in place throughout the Group to ensure that documentation is securely protected and all paper files are secured away at night.

Control

Electronic files are held in secure areas and appropriate system restrictions exist.

The application owner checks annually that key programme documentation is being kept up to date and is held securely.

BDO test procedures

Verified through the inspection of documentation and observation that application documentation was either stored electronically under password control or, if temporarily in paper form, it remained under the control of the individual until they destroyed the paper copy.

Verified through the inspection of documentation that electronic files were held in secure areas and appropriate system restrictions existed.

Verified through the inspection of documentation that the application owner checks annually that key programme documentation was being kept up to date and was held securely.

Verified through observation that a clear desk policy was in place and all paper files were secured away at night.

No exceptions noted

7.1a (v) Process

System documentation is either stored electronically under password control or, if temporarily in paper form, it remains under the control of the individual until they destroy the paper copy.

Control

The IT Security Analyst checks annually that key programme documentation is being kept up to date and stored following ITIL and PRINCE2 guidelines as appropriate to PSAL systems and that only domain users with appropriate permissions can access them.

BDO test procedures

Verified through the inspection of documentation and system settings that system documentation was stored electronically under access control lists.

Verified through the inspection of documentation that the IS Security Analyst checked annually that key programme documentation was kept up to date and stored following ITIL and PRINCE2 guidelines as appropriate to PSAL systems and that only domain users with appropriate access permissions could access them.

No exceptions noted


Logical access to computer systems, programs, master data, transaction data and parameters, including access by administrators to applications, databases, systems and networks, is restricted to authorised individuals via information security tools and techniques.

Control activity and description | BDO test procedures

7.1b Process

All access to computer equipment and systems is protected by alpha numeric passwords. Passwords are changed on a regular basis and only issued to authorised personnel.

Any systems which do not have local password controls are protected by additional means, for example, group based permissions on application servers or digital certificate authentication, thereby preventing access without first logging on to the password controlled network.

Control

The domain security policy requires and enforces that passwords must be 'complex', a minimum of 8 characters and cannot be reused (last 24 are recorded). In addition, access to network data is strictly controlled through NTFS permissions and Windows security group PSAL.

Files can only be created on the NTFS file system, and the system is configured so that appropriate administration team group based permissions are always inherited when new files are created.

All users get remote access granted automatically when they first join as part of the New Joiner procedure recorded by Service Desk. What they have access to is controlled by the RDS access security group PSAL in Active Directory (AD). Logs of (a) which users have been added into the AD group PSAL and (b) which users have actually accessed in a given period are reviewed by the Group IT Operations Manager and authorised by a Senior Consultant. Exceptions are reported to a PS Administration Limited Director.

Verified through the inspection of documentation that all access to computer equipment and systems was protected by alphanumeric passwords, that passwords were changed on a regular basis and that they were only issued to authorised personnel.

Verified through the inspection of documentation that any systems which did not have local password controls were protected by additional means, for example group-based permissions on application servers or digital certificate authentication, thereby preventing access without first logging on to the password-controlled network.

Verified through the inspection of documentation that the domain security policy required and enforced that passwords must be ‘complex’, a minimum of 8 characters and cannot be reused (the last 24 are recorded). In addition, access to network data was strictly controlled through NTFS permissions and the Windows security group PSAL.

Verified through the inspection of documentation that files could only be created on the NTFS file system, and that the system was configured so that the appropriate administration team group-based permissions were inherited when new files were created.

Verified through the inspection of documentation that all remote access was controlled by the RDS access security group PSAL in Active Directory (AD).

Verified that logs of (a) which users had been added to the AD group PSAL and (b) which users had actually accessed the system in a given period were reviewed by the Group IT Operations Manager and authorised by a Senior Consultant.


Quarterly reviews of access to the following key administration applications are completed by the client lead. Any access changes required to the following systems are made directly by the client lead (where possible) or via a service desk request:

• PS Admin Database (IPS Only)
• Northgate PS Enterprise
• Profund Aviary
• Bottomline
• CashFac

Additional security is provided by the DELL Intrusion Protection System, which monitors activity within the Group’s network and actively prevents behaviours that match the signatures of known attacks or look unusual.

Noted that exceptions were reported to a PS Administration Limited Director.

Verified through the inspection of documentation that quarterly reviews of access to the key administration applications were completed by the client lead. Any access changes required were made directly by the client lead (where possible) or via a service desk request.

Verified through the inspection of documentation that additional security was provided by the DELL Intrusion Protection System, which monitored activity within the Group’s network and actively prevented behaviours that matched the signatures of known attacks or looked unusual.

No exceptions noted
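Control 7.1b states two things that can be read straight out of Active Directory: the domain password policy (complexity on, minimum 8 characters, last 24 remembered) and the membership of the RDS access group set against who has actually logged on in the period. The script below is an added example, not PSAL's or BDO's own review procedure, that produces both as evidence. It needs the ActiveDirectory module (RSAT) and read access to the domain. The group is referred to in the report as "PSAL"; that this is the group's sAMAccountName, and the 90-day review window, are assumptions.

```powershell
<#
  Added example (not PSAL's or BDO's code): evidences control 7.1b from
  live Active Directory settings.
   (1) Default domain password policy matches the stated values, and no
       fine-grained policy (PSO) weakens them for a subset of users.
   (2) Membership-versus-use review of the RDS access group: members that
       are disabled, have never logged on, or have not logged on in the
       review period are listed for the reviewer.
  Assumptions (not in the report): group sAMAccountName 'PSAL' and a
  90-day review window.
#>
param(
    [string] $RdsGroup   = 'PSAL',   # assumed sAMAccountName of the RDS access group
    [int]    $ReviewDays = 90        # assumed review period
)
Import-Module ActiveDirectory

function Test-DomainPasswordPolicy {
    # Expected values are the ones stated in the control description.
    $expected = @{ ComplexityEnabled = $true; MinPasswordLength = 8; PasswordHistoryCount = 24 }
    $policy   = Get-ADDefaultDomainPasswordPolicy
    $failures = @(foreach ($name in $expected.Keys) {
        if ($policy.$name -ne $expected[$name]) {
            [pscustomobject]@{ Setting = $name; Expected = $expected[$name]; Actual = $policy.$name }
        }
    })
    # PSOs override the default policy for the users they apply to, so a
    # policy review has to look for any that are weaker than the stated control.
    $weakPsos = @(Get-ADFineGrainedPasswordPolicy -Filter * | Where-Object {
        -not $_.ComplexityEnabled -or $_.MinPasswordLength -lt 8 -or $_.PasswordHistoryCount -lt 24
    })
    [pscustomobject]@{ DefaultPolicyFailures = $failures; WeakerPsos = $weakPsos }
}

function Get-RdsAccessReview {
    param([string]$Group, [int]$Days)
    $cutoff = (Get-Date).AddDays(-$Days)
    # -Recursive so that nested groups do not hide who can actually reach RDS.
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties LastLogonDate, Enabled, whenCreated |
        ForEach-Object {
            $status = if (-not $_.Enabled)                { 'Disabled account still in group' }
                      elseif ($null -eq $_.LastLogonDate) { 'Never logged on' }
                      elseif ($_.LastLogonDate -lt $cutoff) { "No logon in last $Days days" }
                      else                                { 'Active' }
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Enabled        = $_.Enabled
                LastLogonDate  = $_.LastLogonDate
                Created        = $_.whenCreated
                Status         = $status
            }
        }
}

$pw = Test-DomainPasswordPolicy
if ($pw.DefaultPolicyFailures.Count -eq 0 -and $pw.WeakerPsos.Count -eq 0) {
    Write-Output 'Password policy: matches control 7.1b'
} else {
    Write-Output 'Password policy: exceptions'
    $pw.DefaultPolicyFailures | Format-Table -AutoSize
    $pw.WeakerPsos | Select-Object Name, ComplexityEnabled, MinPasswordLength, PasswordHistoryCount |
        Format-Table -AutoSize
}

$review  = @(Get-RdsAccessReview -Group $RdsGroup -Days $ReviewDays)
$toCheck = @($review | Where-Object Status -ne 'Active').Count
Write-Output "RDS group '$RdsGroup': $($review.Count) members, $toCheck to review"
$review | Sort-Object Status, SamAccountName | Format-Table -AutoSize
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which is only updated when it is more than about two weeks stale, so it is adequate for "has this account been used at all in the quarter" but not for "who connected on which day". For the second question the evidence is the Remote Desktop session logs on the RDS hosts, which is the log the control refers to as "which users have actually accessed in a given period".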

Segregation of incompatible duties is defined, implemented and enforced by logical security controls in accordance with job roles.

7.1c Process

All staff have clearly defined roles and responsibilities which are set by the department manager.

Control

Access to different applications is restricted as appropriate to the job role.

Where access to an application is required, a formal request must be made via the Service Desk, which will then seek a supervisor’s approval. Subject to an application’s security model, application privilege levels may be set within an application by end users with supervisory roles, or via formal requests to ITS / BSG.

Verified through the inspection of documentation that all staff had clearly defined roles and responsibilities which were set by the department manager.

Verified through the inspection of documentation that access to different applications was restricted as appropriate to the job role.

Verified through the inspection of documentation that where access to an application was required, a formal request was made via the Service Desk, which would then seek a supervisor’s approval. Subject to an application’s security model, application privilege levels were set within an application by end users with supervisory roles, or via formal requests to ITS / BSG.

No exceptions noted


7.2 Providing integrity and resilience to the information processing environment, commensurate with the value of the information held, information processing performed and external threats.

IT processing is authorised and scheduled appropriately and exceptions are identified and resolved in a timely manner

Control activity and description BDO test procedures

7.2a (i) Process

Data transmission of financial data such as payroll uses secure encryption algorithms.

Control

Bottomline software encrypts BACS transmissions. Payroll data which is sent externally for international payments is sent via a secure website.

Verified through the inspection of documentation that data transmission of financial data such as payroll used secure encryption algorithms.

Verified through the inspection of documentation that Bottomline software encrypted BACS transmissions and that payroll data was sent via a secure website.

No exceptions noted

7.2a (ii) Process

Core systems have documented operating procedures.

Control

Documentation relating to PSAL-specific applications is reviewed annually to ensure it remains up to date. Application documentation is reviewed following each release of PSAL’s internally developed applications.

Key processing is logged on all our critical applications (PSAL Database (IPS Only), PenScope, Filenet/Alfresco, Northgate PS Enterprise, Profund Aviary, CashFac and Bottomline) via a built-in audit trail and is available for review in the event of any incidents.

Verified through the inspection of documentation that core systems had documented operating procedures.

Verified through the inspection of documentation that documentation relating to PSAL-specific applications was reviewed annually to ensure it remained up to date. Application documentation was reviewed following each release of PSAL’s internally developed applications.

Verified through the inspection of documentation that key processing was logged on all PSAL’s critical applications (PSAL Database (IPS Only), PenScope, Northgate PS Enterprise, Profund Aviary, CashFac and Bottomline) via a built-in audit trail and was available for review in the event of any incidents.

We noted through enquiry that there is no built-in audit logging for the Alfresco system, but selective logging does occur.

No exceptions noted

7.2a (iii) Process

Scheduled data downloads from the Altus Investment Gateway web service, via the PenScope Windows Service on the PenScope application server, are monitored.

Control

In the event of a scheduled download failing, automated alerts are sent to BSG, IT or the Service Desk ticketing system to ensure timely resolution.

Verified through the inspection of documentation that scheduled data downloads were monitored to verify they had been successful.

Verified through the inspection of documentation that in the event of a scheduled download failing, automated alerts were sent to IT or PSAL’s Service Desk ticketing system to ensure timely resolution.

No exceptions noted


Data transmissions between the service organisation and its counterparties are complete, accurate, timely and secure.

Control activity and description BDO test procedures

7.2b (i) Process

Data transmission of payroll financial data uses secure encryption algorithms. Only authorised personnel can handle financially sensitive data, with permissions set on a scheme-by-scheme basis.

Control

BACS Bureau facilities are used to process and transmit payments, facilitated through a Hardware Security Module issued by the bank sponsoring the payroll bureau. Authorisation of payments is made using a passcode which is only known to authorised employees.

BACS transmissions may only be submitted once there has been dual approval, with an independent member of payroll verifying the information that has been previously entered.

A triennial review of the BACS Bureau Service is carried out by BACS to ensure that the service complies with the recommended standards.

Verified through the inspection of documentation that data transmission of payroll financial data used secure encryption algorithms, and that only authorised personnel could handle financially sensitive data, with permissions set on a scheme-by-scheme basis.

Verified through the inspection of documentation that BACS Bureau facilities were used to process and transmit payments, facilitated through a Hardware Security Module issued by the bank sponsoring the payroll bureau, and that authorisation of payments was made using a passcode which was only known to authorised employees.

Verified through the inspection of documentation that BACS transmissions could only be submitted once there had been dual approval, with an independent member of payroll verifying the information that had been previously entered.

Verified through the inspection of documentation that a triennial review of PSAL’s BACS Bureau Service was carried out by BACS to verify that the service complied with the recommended standards.

No exceptions noted

7.2b (ii) Process

Transmissions of data to and from clients are made via a secure website facility.

Control

Access to the facility is made using individual logon accounts with complex passwords of 8 characters. Email alerts are generated when any data is uploaded to the site.

Verified through the inspection of documentation and observation that transmissions of data to and from clients were made via a secure website facility.

Verified through the inspection of documentation that access to the facility was made using individual logon accounts with complex passwords of 8 characters and that email alerts were generated when any data was uploaded to the site.

No exceptions noted


Appropriate measures are implemented to counter the threat from malicious electronic attack (e.g. firewalls, anti-virus etc.)

Control activity and description BDO test procedures

7.2c Process

All external access to the network is strictly controlled.

Perimeter firewalls and endpoint software are in place, with anti-virus updates disseminated to all computers operating on the PSG networks.

Security testing is performed annually by a third party provider to ensure network vulnerabilities are identified and addressed.

Control

An industry standard firewall is in place on the PSG network and there are rules set to restrict traffic between public and secure networks. An industry standard antivirus is in place on all computers operating on the Punter Southall Network. Antivirus definitions are updated from the vendor and disseminated to computers on the network within an hour.

Results of the annual penetration test are reviewed by the IT Security Analyst and IT Operations Manager. Results from the test are submitted to the Information Security Sub Committee (ISSC) to assess risks and implement remedial actions where required.

Verified through the inspection of documentation that security testing was performed annually by a third party provider to ensure network vulnerabilities were identified and addressed.

Verified through the inspection of documentation that an industry standard firewall was in place on the PSG network and there were rules set to restrict traffic between public and secure networks.

Verified through the inspection of documentation that an industry standard antivirus was in place on all computers operating on the PSG Network and that antivirus definitions were updated from the vendor and disseminated to computers on the network within an hour.

Verified through the inspection of documentation that results of the annual penetration test were reviewed by the IT Security Analyst and IT Operations Manager.

Verified through the inspection of documentation that the results from the test were submitted to the Information Security Sub Committee (ISSC).

No exceptions noted


The physical IT equipment is maintained in a controlled environment.

Control activity and description BDO test procedures

7.2d Process

Critical IT infrastructure is located in a Tier 3 offsite data centre. Access is approved by the IT Operations Manager for a limited number of IT Infrastructure staff only.

Secure data storage providing an independent copy of all data held in the offsite data centres is located in a secure computer equipment room in the 11 Strand London HQ office and restricted to authorised individuals only.

Control

Branch office server and network equipment are located in secure server rooms accessed by pass key wherever office space allows. PSG data centres are provided by SunGard Ltd and are operated under ISAE 3402 guidelines. Local office keys and key codes are authorised by the IT Operations Manager and restricted to authorised individuals only.

Where office space does not allow this, the entire office is secured to the same level using key codes for the small number of staff involved. Logs are kept of all visitors.

Verified through documentation that critical IT infrastructure was located in offsite data centres. Verified that access was restricted to IT Operations only and that any additional access had to be formally approved by the IT Operations Manager.

Through physical inspection and observation of systems, verified that an independent copy of the data storage was maintained in a secure computer room based at 11 Strand, London. Further verified that access to the computer room was restricted via keypad.

Verified through the inspection of documentation that no access requests were made during the period.

Verified through observation and the inspection of documentation that branch office server and network equipment were located in secure server rooms accessed by pass key wherever office space allowed, that PSG data centres were provided by SunGard Ltd and were operated under ISAE 3402 guidelines, and that local office keys and key codes were authorised by the IT Operations Manager and restricted to authorised individuals only.

Verified through observation that where office space did not allow this, the entire office was secured to the same level using key codes for the small number of staff involved and that logs were kept of all visitors.

No exceptions noted


7.3 Maintaining and developing systems hardware and software.

Development and implementation of new systems, applications and software, and changes to existing systems, applications and software, are authorised, tested, approved and implemented.

Control activity and description BDO test procedures

7.3a Process

A formal change management methodology is used to implement new and revised infrastructure changes, application version increments and significant application developments. Documentation for these projects is maintained within a central project documentation library.

Control

BSG Managed Projects

All current Business Services Group projects are managed with an adapted PRINCE2 process. The BSG’s “project development lifecycle” has to be followed for each new application project; this ensures that the project, development and change methodologies are followed. The project documentation is maintained by the Business Services Group or the application owner (depending on the application affected), is signed off / approved by the business representative and is reviewed / audited by the application owner.

ITS Managed Projects

All current ITS projects are managed with an adapted PRINCE2 process. Project documentation and reporting is held in dedicated web sites [Claizon & SharePoint] which are secure and available in agreed business hours to all concerned. Documents are indexed based on content and are easily retrievable. User permissions are created for all documents in order to control who may access or edit certain files. These documents are managed and controlled by the subject owner, who is normally the assigned Project Manager. Delivery of the infrastructure and software elements of all projects is controlled by ITIL Change Management procedures within the Hornbill helpdesk system and is linked to the system CI (Configuration Item) for the software and hardware (VM or physical) associated with the project.

For the sample of changes selected, verified through the inspection of documentation that a formal change management methodology existed and was used to implement new and revised infrastructure changes, application version increments and significant application developments.

Verified through the inspection of documentation that, for a selected sample of changes, the project plan had been approved and reviewed and that the documentation for these projects was held in a central repository.

While we were unable to obtain evidence of initial authorisation for the changes sampled, we were able to obtain evidence of testing and approval prior to going live. The initial approvals could not be evidenced as the workflow tool used to capture approvals for changes had changed during the period under review.

No exceptions noted


Data migration or modification is authorised, tested and, once performed, reconciled back to the source data.

Control activity and description BDO test procedures

7.3b Process

The Business Services Group and application owner are responsible for data migration projects. A detailed testing procedure is followed for all data migrations. This includes sample data checks and full reconciliation back to the source data.

Control

Issue logs are used to capture all issues and the eventual resolution of any issues.

The results of any sample data checks and the reconciliation are reviewed by the application owner to ensure that no errors have been created and the data has been migrated completely and accurately.

Final sign-off is required from the application owner before the change can be released to live.

Verified through enquiry and the inspection of documentation that the requirement for the database migration arose from PSAL having performance issues with the original setup, where the web and database servers were on the same servers. ITM had defined and set out the requirements (the need for separating the servers) in their PID.

Verified through enquiry and the inspection of documentation that the results of any sample data checks and the reconciliation were reviewed by the application owner to ensure that no errors had been created and the data had been migrated completely and accurately.

Final sign-off was required from the application owner before the change could be released to live.

No exceptions noted


7.4 Recovering from processing interruptions.

Data and systems are backed up regularly, retained offsite and regularly tested for recoverability.

Control activity and description BDO test procedures

7.4a (i) Process

Backups are taken on a daily basis with a full backup taken at the end of the week.

Control

The Group maintains a twin data centre design (SunGard data centres TC2 and TC3), with all systems and data replicated across both data centres, ensuring that there are multiple copies of the data available. In the unlikely event that a data centre was made unavailable to the Group, it can make all systems and data available from the remaining data centre using the data that has been backed up there through the replication.

Different replication approaches (i.e. frequency of the replication, data storage tiers and hence the speed with which they can be restored) are used for systems with different business criticalities, as some require restoration within an hour, with other non-critical systems not being required for up to a week after a data centre outage.

In addition to this, the Group backs up all systems and data to separate storage based at the 11 Strand offices every day. This is done automatically, with email alerts being produced on completion. These emails are reviewed by IT Ops each day and all failures are reviewed and remedied. A random file restore is also carried out to ensure that the files backed up can be restored and used if required. Both the review of the backup emails and the successful file restore are recorded on the daily checks checklist.

Obtained evidence to verify that incremental backups were taken on a daily basis with a full backup being taken at the end of the week.

Verified through the inspection of systems and documentation that a twin data centre design was implemented across both data centres, ensuring that multiple copies of data were available.

Verified through the inspection of documentation and enquiry that, during business continuity planning, the business identified the business criticality of each of their systems.

Verified that the business criticality was reflected in the selection of the frequency of replication and data storage tiers and other settings within VEEAM.

For the sample selected, verified through the inspection of documentation that the Group backed up all systems and data to separate storage based at the 11 Strand offices every day and that an email alert was automatically produced on completion of the backup process.

Further verified through the inspection of documentation that these emails were reviewed by IT Operations every day and that failures were reviewed and remedied. This was evidenced on the daily backup checks checklist.

A random file restore was also carried out successfully and the results recorded on the daily backup checks checklist.

No exceptions noted


7.4a (ii) Process

All systems and data are hosted on high availability virtual servers with mirrored SAN RAID disk systems, which helps ensure no loss of data through media failure. Virtual server backups are replicated across the 2 geographically separate data centres, and an independent copy is sent to offsite storage.

Windows Shadow Copy is enabled across all storage servers, allowing instant restoration of deleted or corrupted files from snapshots taken not less than once a day.

Control

The virtual environment is monitored daily to ensure that it is functioning correctly, with new, known and resolved issues reported. Backup logs are emailed daily, with exceptions recorded by the IT Operations team.

Verified through the inspection of documentation and system settings that all systems and data were hosted on high availability virtual servers with mirrored SAN RAID disk systems.

Verified through the inspection of documentation and system settings that virtual server backups were replicated across the 2 geographically separate data centres.

For a sample of weeks selected, verified through the inspection of documentation that an independent copy of virtual server backups was sent to offsite storage.

Verified through the inspection of documentation and system settings that Windows Shadow Copy was enabled across all storage servers, allowing instant restoration of deleted or corrupted files from snapshots taken at least once a day.

For the sample of days selected, verified through the inspection of documentation that the virtual environment was monitored daily to ensure that it was functioning correctly, with new, known and resolved issues reported.

Verified through the inspection of documentation that backup logs were emailed daily with exceptions recorded by the IT Operations Team.

No exceptions noted
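Two of the statements in 7.4a, "snapshots taken not less than once a day" in (ii) and the daily random file restore in (i), can be checked mechanically on a storage server rather than recorded by hand on the checklist. The script below is an added example, not PSAL's or BDO's daily check, that confirms every fixed volume has a Volume Shadow Copy snapshot younger than 24 hours, then restores a randomly chosen file from the newest snapshot into a scratch directory and compares SHA-256 hashes. The data path, scratch path and 24-hour threshold are assumptions; it exposes the snapshot through a directory symlink to the shadow device, so it must run elevated on the storage server itself.

```powershell
<#
  Added example (not PSAL's or BDO's code): daily storage-server check.
   (1) Every fixed volume has a shadow copy no older than $MaxAgeHours.
   (2) A random file (created before the newest snapshot) is restored from
       that snapshot into a scratch directory and hash-compared.
  Assumptions (not in the report): share root, scratch path, 24h threshold.
  Must run elevated: creating the symlink to the shadow device needs admin.
#>
param(
    [string] $DataRoot    = 'D:\Shares',       # assumed share root on the storage server
    [string] $ScratchDir  = 'C:\RestoreTest',  # assumed scratch location
    [int]    $MaxAgeHours = 24
)

function Get-ShadowCopyStatus {
    param([int]$MaxAge)
    # DriveType 3 = local fixed disk; Win32_ShadowCopy.VolumeName matches Win32_Volume.DeviceID.
    $volumes = Get-CimInstance Win32_Volume | Where-Object { $_.DriveType -eq 3 -and $_.DriveLetter }
    $shadows = @(Get-CimInstance Win32_ShadowCopy)
    foreach ($v in $volumes) {
        $mine   = @($shadows | Where-Object VolumeName -eq $v.DeviceID)
        $newest = $mine | Sort-Object InstallDate -Descending | Select-Object -First 1
        [pscustomobject]@{
            Drive        = $v.DriveLetter
            Snapshots    = $mine.Count
            Newest       = $newest.InstallDate
            DeviceObject = $newest.DeviceObject
            Ok           = ($null -ne $newest) -and ($newest.InstallDate -gt (Get-Date).AddHours(-$MaxAge))
        }
    }
}

function Test-RandomFileRestore {
    param([string]$Root, [string]$Scratch, [string]$DeviceObject, [datetime]$SnapshotTime)
    # Only files that existed when the snapshot was taken can be in it.
    $file = Get-ChildItem -LiteralPath $Root -Recurse -File |
            Where-Object CreationTime -lt $SnapshotTime | Get-Random
    if (-not $file) { throw "No files under $Root predate the snapshot" }

    # Expose the snapshot as a directory symlink. The trailing backslash on
    # the device object path is required for the link to resolve.
    $link = Join-Path $Scratch 'snapshot'
    if (Test-Path $link) { cmd /c rmdir "$link" | Out-Null }
    cmd /c mklink /d "$link" "$DeviceObject\" | Out-Null

    $drive      = Split-Path -Qualifier $file.FullName            # e.g. D:
    $relative   = $file.FullName.Substring($drive.Length).TrimStart('\')
    $inSnapshot = Join-Path $link $relative
    $restored   = Join-Path $Scratch ('restored_' + $file.Name)
    try {
        Copy-Item -LiteralPath $inSnapshot -Destination $restored -Force
        $snapHash = (Get-FileHash -LiteralPath $inSnapshot    -Algorithm SHA256).Hash
        $restHash = (Get-FileHash -LiteralPath $restored      -Algorithm SHA256).Hash
        $liveHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            File            = $file.FullName
            Snapshot        = $SnapshotTime
            RestoredOk      = ($snapHash -eq $restHash)   # restored copy is byte-identical to the snapshot
            MatchesLiveFile = ($snapHash -eq $liveHash)   # false only if the file changed after the snapshot
        }
    } finally {
        cmd /c rmdir "$link" | Out-Null                   # removes the link, not the snapshot
        Remove-Item -LiteralPath $restored -Force -ErrorAction SilentlyContinue
    }
}

New-Item -ItemType Directory -Path $ScratchDir -Force | Out-Null
$status = @(Get-ShadowCopyStatus -MaxAge $MaxAgeHours)
$status | Format-Table -AutoSize

$dataDrive = Split-Path -Qualifier $DataRoot
$target    = $status | Where-Object Drive -eq $dataDrive
if (-not $target -or -not $target.Ok) {
    Write-Output "EXCEPTION: no snapshot of $dataDrive within the last $MaxAgeHours hours"
    exit 1
}
Test-RandomFileRestore -Root $DataRoot -Scratch $ScratchDir `
    -DeviceObject $target.DeviceObject -SnapshotTime $target.Newest | Format-List
```

The check only proves that files can be read back from a snapshot on the same disk array; it is not a substitute for the restore from the 11 Strand copy, which is what protects against loss of the array itself. RestoredOk is the value to record on the checklist; MatchesLiveFile being false simply means the file was edited after the snapshot was taken.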

IT hardware and software issues are monitored and resolved in a timely manner.

Control activity and description BDO test procedures

7.4b Process

All hardware and system problems are recorded via a dedicated Service Desk procedure.

Control

Incidents and Problems are only defined once they have reached the helpdesk system, based on ITIL guidelines; any other ad-hoc requests for assistance are not classified as faults.

Open tickets in the service desk are reviewed on a monthly basis to ensure that issues are being resolved in a timely manner. In addition, a number of tools are used to proactively monitor the PSG network and server environments.

Verified through the inspection of documentation that all hardware and system problems were recorded via a dedicated Service Desk procedure.

For the sample selected, verified through the inspection of documentation that open tickets in the service desk were reviewed on a monthly basis to ensure that issues were being resolved in a timely manner. In addition, a number of tools were used to proactively monitor the PSG network and server environments.

No exceptions noted


Business and information systems recovery plans are documented, approved, tested and maintained.

Control activity and description BDO test procedures

7.4c Process

Recovery plans which provide for the recovery of all key business processes are in place.

Control

Recovery plans for PSAL exist and are maintained, and cover the applications and systems which support all business processes carried out at each location.

All plans are based around recovery point, time and capacity objectives that have been agreed within the business and reflect the Group’s strategy for business continuity. The plans are reviewed and tested annually to ensure they remain appropriate. Test results are reported to the Admin Risk Committee.

Verified through the inspection of documentation that recovery plans which provide for the recovery of all key business processes were in place.

Verified through the inspection of documentation that recovery plans for PSAL existed and were maintained, and covered the applications and systems which support all business processes carried out at each location.

Verified through the inspection of documentation that all plans were based around recovery point, time and capacity objectives that had been agreed within the business and reflected the Group’s strategy for business continuity, and that the plans were reviewed and tested annually so that they remained appropriate.

Verified through the inspection of documentation that test results were reported to the Admin Risk Committee.

No exceptions noted


7.5 Monitoring compliance.

Outsourced activities are properly managed and monitored.

Control activity and description BDO test procedures

7.5a (i) Process

Outsourced activities are actively managed and monitored. Service Level Agreements are in place, covered by appropriate contracts and monitored by either the Business Services Group or the central PSG IT infrastructure team, depending on the activity.

Control

Pension administration system maintenance and development has been outsourced to ITM Ltd. A contract is in place with ITM Ltd detailing the services being supplied, together with appropriate Service Level Agreements. Regular governance and service review meetings are held.

Verified through the inspection of documentation that outsourced activities were actively managed and monitored and that Service Level Agreements were in place, covered by appropriate contracts and monitored by either the Business Services Group or the central PSG IT infrastructure team, depending on the activity.

Verified through the inspection of documentation that pension administration system maintenance and development had been outsourced to ITM Ltd, that a contract was in place with ITM Ltd detailing the services being supplied together with appropriate Service Level Agreements, and that regular governance and service review meetings were held.

No exceptions noted

7.5a (ii) Process

PSG IT outsources some network monitoring and management tasks to a third party Wide Area Network solutions provider, SSE. PSG also has Service Level Agreements in place with SSE, covered by appropriate contracts and monitored by the IT Operations Team.

Control

Real-time monitoring of all network services is carried out 24/7 by ITS using SolarWinds event management, and action is taken if needed directly with SSE under ITIL Incident Management, tracked in Hornbill.

Verified through the inspection of documentation that PSG IT outsourced some network monitoring and management tasks to a third party Wide Area Network solutions provider, SSE.

Verified through the inspection of documentation that PSG also had Service Level Agreements in place with SSE, covered by appropriate contracts and monitored by the IT Operations team.

Verified through observation and the inspection of documentation that real-time monitoring of all networks was carried out 24/7 by PSG IT using SolarWinds Event Management.

We were informed that there were no issues during the period.

No exceptions noted

7.5a (iii) Process

Network services provided by third parties are reviewed on an on-going basis to ensure the services provided meet the organisation’s requirements.

Control

The services are reviewed by both the IT Operations Manager and the IT Director; any issues are escalated to the IT Governance Board.

Verified through enquiry that network services provided by third parties were reviewed on an on-going basis to ensure that the services provided met the organisation’s requirements.

Verified through enquiry that the services were reviewed by both the IT Operations Manager and the IT Director.

Verified through enquiry that there were no issues during the period.

No exceptions noted


9. Prospective customer disclaimer letter

Private and Confidential

The Directors
PS Administration Limited
11 Strand
London WC2N 5HR

13 October 2017

Dear Sir/Madam

Release of the 2017 AAF 01/06 Report to prospective customers of PS Administration Limited.

The 2017 AAF 01/06 report which covers the internal controls relating to pension administration services provided by PS Administration Limited (the ‘service organisation’) as at 31 March 2017 has been prepared by the directors of the service organisation principally for the purposes of providing information to organisations who were customers at 31 March 2017. You have asked us to agree to you providing to prospective customers, i.e. organisations that were not customers at 31 March 2017, a copy of the 2017 AAF 01/06 report which included our service auditor’s assurance report (‘our assurance report’).

We confirm that we are agreeable to you so doing on the clear understanding that our assurance report was addressed to you and was prepared on your instructions as set out in our engagement letter dated 20 February 2017. The report was not prepared for the benefit of any prospective customers and therefore items of possible interest to prospective customers may not have been specifically addressed by the 2017 AAF 01/06 report or the work supporting our assurance report. Nor does BDO LLP warrant or represent that the information in the 2017 AAF 01/06 report or work done in connection with our assurance report is appropriate for the interests or purposes of prospective customers. For the foregoing reasons the 2017 AAF 01/06 report cannot in any way serve as a substitute for enquiries and procedures that prospective customers would (or should) undertake and judgements they should make for the purpose of satisfying themselves regarding any matters of interest to them. Furthermore, we (BDO LLP, its partners, employees and agents) accept no duty or responsibility (whether in contract or in tort and including, without limitation, negligence and breach of statutory duty) and deny any liability to prospective customers or to any other third party in relation to our assurance report or otherwise, whether or not the 2017 AAF 01/06 report or our assurance report therein influences the decision or action of any prospective customer or any other party.

Prospective customers are also bound by a duty of confidentiality to BDO LLP, as well as to you. Consequently the 2017 AAF 01/06 report, and information obtained from it, must not be made available or copied in whole or in part to any other person without our prior written permission which we may, at our discretion, grant, withhold or grant subject to conditions (including conditions as to legal responsibility or absence thereof).

Notwithstanding our consent to the release of the 2017 AAF 01/06 report to prospective customers, our assurance report remains addressed to you and it is a matter for you to decide whether the release of the 2017 AAF 01/06 report is appropriate in the circumstances.

To ensure that prospective customers have a clear understanding of the terms under which our assurance report is being provided to them, a copy of this letter should accompany our assurance report.

Yours faithfully

For and on behalf of BDO LLP

55 Baker Street, London W1U 7EU
Telephone: +44 (0)20 7486 5888
Facsimile: +44 (0)20 7487 3686
DX 9025 West End W1
Web site: www.bdo.co.uk

BDO LLP Chartered Accountants


PSAL offices

Birmingham: 1 Colmore Row, Birmingham B3 2BJ. T 0330 202 0770 E [email protected]

Edinburgh: 7 Castle Street, Edinburgh EH2 3AH. T 0330 202 0770 E [email protected]

Newcastle: 36 Gallowgate, Newcastle upon Tyne NE1 4TD. T 0330 202 0770 E [email protected]

Bristol: Queen’s Quay, 33-35 Queen Square, Bristol BS1 4LU. T 0330 202 0770 E [email protected]

London: 11 Strand, London WC2N 5HR. T 0330 202 0770 E [email protected]

Wokingham: Albion, Fishponds Road, Wokingham, Berkshire RG41 2QE. T 0330 202 0770 E [email protected]

Chelmsford: Priory Place, New London Road, Chelmsford CM2 0PP. T 0330 202 0770 E [email protected]

Perth: Saltire House, 3 Whitefriars Crescent, Perth PH2 0PA. T 01738 503 400

© PSAL 2017. PSAL and PS Administration are both trading names of PS Administration Limited. Registered in England and Wales No. 09428346. Registered office: 11 Strand, London WC2N 5HR.

This communication is based on our understanding of the position as at the date shown. It should not be relied upon for detailed advice or taken as an authoritative statement of the law.

A Punter Southall Group company

For further information, visit our website at www.psadmin.com