Page 26 - NovDefComp
P. 26
MASSACHUSETTS MUTUAL LIFE INSURANCE COMPANY
Defined Benefit and Defined Contribution Recordkeeping
Investment Service Operations System
Compliance and Ethics Department performs regular risk assessments to select MassMutual
operations for business reviews.
The results of the risk assessments and any subsequent audits or reviews are communicated to
MassMutual management and the business risk management function in ERM. ERM works with operations
to help ensure actions identified and required to mitigate risk are taken.
In addition to the above and with respect to MassMutual management’s SOC 1 ® assertion process,
MassMutual management annually reviews the narrative description, the control objectives it has set, and
the design of individual controls identified to help achieve those objectives. MassMutual operations have
charted their risks and review existing process descriptions with departmental groups to help ensure that
(a) new or changing risks are identified early, (b) the design of controls are still valid, and (c) staff are aware
of their responsibilities with regards to ensuring the controls operate effectively. Upon completion of the
review, the results of the assessments are compared with existing policies and if appropriate changes are
made. This process also occurs during the year when business changes may dictate it.
Control Activities
MassMutual employs a number of control activities to help ensure DB and DC plans are administered in
accordance with policies and procedures. A formal program is in place to help ensure its policies and
procedures are complete, accurate and kept current. Changes to policies and procedures are reviewed and
approved by management and communicated to associates via weekly newsletters, team meetings, web
casts, or formal classroom training.
Controls are established to check for timeliness, accuracy, completeness and authorization as well as
activities encompassing the physical and logical security of assets, records, and systems. In addition, the
responsibilities of MassMutual and other support areas are allocated among personnel to segregate select
processing and recording of transactions, investment trading, reconciliation activities, application
development, and compliance and control monitoring.
Monitoring
MassMutual management utilizes a variety of reports and monitoring mechanisms to help ensure controls
are in place and functioning as intended. Such reports include:
Visual Boards displaying the status of pending transactions
Suspense Account Reporting
Quality Review Results Reporting
Financial Account Reconciliations
Daily Pricing Variances
Deficiency and Incident Reporting
System Batch Monitoring Reporting
Enterprise Risk Management and other corporate governance risk and control functions regularly review
and assess business and information technology operations to determine whether reporting and monitoring
mechanisms are utilized by MassMutual management. Issues are timely communicated to senior
management and the board of directors as appropriate, and follow-up actions are taken as necessary.
MassMutual Defined Benefit and Defined Description of the System Provided by
Contribution Investment Service Operations MassMutual
System
15
