Page 55 - NovDefComp
P. 55

involved  in  initiating,  authorizing, recording,  processing, and  reporting  transactions;
                                 this includes the correction of incorrect information and how information is transferred
                                 to the reports and other information prepared for user entities;

                              (4) how the system captures and addresses significant events and conditions other than
                                 transactions;
                              (5) the process used to prepare reports and other information for user entities;

                              (6) services performed by a subservice organization, if any, including whether the carve-
                                 out method or the inclusive method has been used in relation to them;

                              (7) the  specified  control  objectives  and  controls  designed  to  achieve  those  objectives,
                                 including,  as  applicable,  complementary  user  entity  controls  and  complementary
                                 subservice organization controls assumed in the design of the service organization’s
                                 controls;

                              (8) other aspects of our control environment, risk assessment process, information and
                                 communications  (including  the  related  business  processes),  control  activities  and
                                 monitoring activities that are relevant to the services provided.

                         ii.  includes relevant details of changes to MassMutual’s system during the period covered by
                              the description.

                        iii.  does not omit or distort information relevant to MassMutual’s system, while acknowledging
                              that the description is prepared to meet the common needs of a broad range of user entities
                              of  the  system  and  their  auditors,  and  may  not,  therefore,  include  every  aspect  of  the
                              Defined  Benefit and  Defined  Contribution Recordkeeping  Operations System that  each
                              individual  user  entity  of  the  system  and  its  auditor  may  consider  important  in  its  own
                              particular environment.

               b) The  controls  related  to  the  control  objectives  stated  in  the  description  were  suitably  designed  and
                  operating effectively throughout the period October 1, 2019 to September 30, 2020 to achieve those
                  control  objectives  if  subservice  organizations  and  user  entities  applied  the  complementary  controls
                  assumed in the design of MassMutual’s controls throughout the period October 1, 2019 to September
                  30, 2020. The criteria we used in making this assertion were that:

                         i.   the risks that threaten the achievement of the control objectives stated in the description
                              have been identified by management of MassMutual;
                         ii.  the controls identified in the description would, if operating effectively, provide reasonable
                              assurance that those risks would not prevent the control objectives stated in the description
                              from being achieved; and

                        iii.  the  controls  were  consistently  applied  as  designed, including  whether  manual  controls
                              were applied by individuals who have the appropriate competence and authority.




               Massachusetts Mutual Life Insurance Company






                Massachusetts Mutual Life Insurance Company (MassMutual®), Springfield, MA 01111, and its affiliated Companies.

                                                              7
   50   51   52   53   54   55   56   57   58   59   60