Remote Transfer Agent Processing System · (DST) applicable to the Remote Transfer Agent Processing System (TA2000) and the TRAC ... DST applied the controls contemplated in the design

1

Remote Transfer Agent Processing

System

TA2000/TRAC Internal Control Report For the Period of October 1, 2009 to September 30, 2010

2

The contents of this report and all computer systems, procedures, databases, software programs, documentation

and other materials (collectively “Information”) created, maintained or provided by DST Systems, Inc.

(“DST”), are proprietary to DST and are confidential. Any unauthorized use or disclosure of any DST

Information may result in civil liabilities.

Any person who knowingly and without authorization discloses or takes any DST Information that is

confidential, proprietary, or a trade secret, residing or existing internal or external to a computer, computer

system, or computer network or who knowingly and without authorization accesses or causes to be accessed

any computer, computer system, or computer network of DST’s or containing DST Information, may be subject

to criminal penalties under applicable law.

No part of any DST Information may be reproduced, stored, disseminated or used, in any form or by any means,

mechanical, electrical, or otherwise, without the prior written permission of DST. Each authorized reproduction

of any part of DST Information must contain notice of DST’s copyright as follows: “Copyright 2010 by DST

Systems, Inc.”

© 2010, DST Systems, Inc. All rights reserved.

TA2000 and TRAC are registered trademarks of DST Systems, Inc. AWD is a registered trademark of DST

Technologies, Inc. Top Secret is a registered trademark of Computer Associates. Other products and company

names mentioned herein are the trademarks of their respective owners.

TA2000 Remote Transfer Agent Processing System SAS 70

Twelve months ended September 30, 2010

DST Systems, Inc.

333 West 11th

Street

Kansas City, MO 64105–1594

www.dstsystems.com

Prepared in U.S.

Table of Contents Report of Independent Auditors ..........................................................................................1

Chapter I: DST’s Description of TA2000 Remote Operations Transaction

Processing and Information Processing General Computer Controls 3

Scope of Report ...................................................................................................................5

Description of DST Systems, Inc. .......................................................................................8

Organizational Overview .................................................................................................. 10

Organization and Management Controls ........................................................................... 13

Data Center Support .......................................................................................................... 17

Information Security Administration ................................................................................ 23

Application Overviews ...................................................................................................... 26

Review of Transaction Systems ........................................................................................ 34

User Control Considerations ............................................................................................. 40

Chapter II: DST’s Control Objectives, Controls and Tests of Operating

Effectiveness of TA2000 Remote Operations Transaction Processing

Controls 43

TA2000 Transaction System Processing Controls ............................................................ 47

TA2000 Subaccounting Transaction System Processing Controls .................................... 87

TRAC Transaction System Processing Controls ............................................................... 89

Chapter III: DST's Control Objectives, Controls and Tests of Operating

Effectiveness of Information Processing General Computer Controls 121

IT General Computer Controls ........................................................................................ 125

Information Processing General Computer Controls ...................................................... 143

TA2000, TA2000 Subaccounting and TRAC Application Software Modifications

and Job Monitoring ................................................................................................ 143

AWD Application Software Modification ............................................................. 146

TA2000 Desktop/TA2000 Subaccounting Desktop/TRAC Desktop/DST

SmartDesk/Compliance Workstation Application Software Modifications ........... 147

FAN Web/Vision/TRAC Web/E-commerce Core Application Software

Modification ........................................................................................................... 148

TA2000 Subaccounting Interface Monitoring ........................................................ 149

Chapter IV: Information Provided by the Service Auditor 151

Control Environment ....................................................................................................... 154

Test of Controls ............................................................................................................... 154

Chapter V: Other Information Provided by DST 157

Management's Responses to Identified Exceptions ......................................................... 159

Overview of Business Continuity Plan ............................................................................ 160

PricewaterhouseCoopers LLP 1100 Walnut, Suite 1300

Kansas City, MO 64106

Telephone (816) 472 7921 Facsimile (816) 218 1890

www.pwc.com

REPORT OF INDEPENDENT AUDITORS

To the Board of Directors of DST Systems, Inc.:

We have examined the accompanying description of the controls related to DST Systems, Inc.

(DST) applicable to the Remote Transfer Agent Processing System (TA2000) and the TRAC

Defined Contribution Participant Recordkeeping System (TRAC). Our examination included

procedures to obtain reasonable assurance about whether (1) the accompanying description

presents fairly, in all material respects, the aspects of DST‟s controls that may be relevant to a

user organization‟s internal control as it relates to an audit of financial statements; (2) the

controls included in the description were suitably designed to achieve the control objectives

specified in the description, if those controls were complied with satisfactorily and the clients of

DST applied the controls contemplated in the design of DST‟s controls; and (3) such controls

had been placed in operation as of September 30, 2010. The control objectives were specified

by the management of DST. Our examination was performed in accordance with standards

established by the American Institute of Certified Public Accountants and included those

procedures we considered necessary in the circumstances to obtain a reasonable basis for

rendering our opinion.

In our opinion, the accompanying description of the aforementioned controls presents fairly, in

all material respects, the relevant aspects of DST‟s controls that had been placed in operation as

of September 30, 2010. Also, in our opinion, the controls, as described, are suitably designed to

provide reasonable assurance that the specified control objectives would be achieved if the

described controls were complied with satisfactorily and clients of DST applied the controls

contemplated in the design of DST‟s controls.

In addition to the procedures we considered necessary to render our opinion as expressed in the

previous paragraph, we applied tests to specific controls to obtain evidence about their

effectiveness in meeting the control objectives, during the period from October 1, 2009 to

September 30, 2010. The specific control objectives and controls and the nature, timing, extent

and results of the tests are listed in Chapters II and III. This information has been provided to

clients of DST and to their auditors to be taken into consideration, along with information about

the internal control of clients, when making assessments of control risk for clients. In our

opinion, the controls that were tested were operating with sufficient effectiveness to provide

reasonable, but not absolute, assurance that the specified control objectives were achieved during

the period from October 1, 2009 to September 30, 2010.

The relative effectiveness and significance of specific controls at DST and their effect on

assessments of control risk at client organizations are dependent on their interaction with the

controls and other factors present at individual client organizations. We have performed no

procedures to evaluate the effectiveness of controls at individual clients of DST.

The description of controls at DST is as of September 30, 2010 and the information about tests

of the operating effectiveness of specific controls covers the period from October 1, 2009 to

September 30, 2010. Any projection of such information to the future is subject to the risk that,

because of change, the description may no longer portray the controls in existence. The

potential effectiveness of specific controls at DST is subject to inherent limitations and

accordingly, errors or fraud may occur and not be detected. Furthermore, the projection of any

conclusions, based on our findings, to future periods is subject to the risk that changes made to

the system or controls or the failure to make needed changes to the system or controls, may alter

the validity of such conclusions.

The information included in Chapter V describing DST‟s business continuity plan and

management's responses to identified exceptions is presented by DST to provide additional

information and is not part of DST‟s description of controls that may be relevant to clients‟

internal control as it relates to an audit of financial statements. Such information has not been

subjected to the procedures applied in the examination of the description of controls, related to

transaction processing and accordingly, we express no opinion on it.

This report is intended solely for use by the management of DST, its clients and the independent

auditors of its clients.

November 15, 2010

Chapter I:

DST’s Description of TA2000 Remote

Operations Transaction Processing and

Information Processing General Computer

Controls

Scope of Report 5

Copyright © 2010 DST Systems, Inc.

Scope of Report

This report is designed to describe the control environments surrounding the Remote

Transfer Agent Processing System (TA2000) and the Remote Defined Contribution

Recordkeeping Processing System (TRAC).

The objective of this report is to provide information to clients regarding DST's

internal controls relevant to DST Remote clients over DST Remote transfer agent

processing for open end and closed end mutual funds and non-traded real estate

investment trusts (REITs) as well as recordkeeping activities supporting defined

contribution processing. It has been prepared taking into consideration guidance

described in the American Institute of Certified Public Accountants (AICPA)

Statement on Auditing Standards No. 70 (SAS 70), Service Organizations.

The overall control environment of the Remote TA2000 and TRAC systems consists

of the following components:

Organization and management controls.

Controls programmed into the TA2000, TA2000 Subaccounting and TRAC

system software (system controls).

Interaction of controls at DST with Remote client user controls.

Controls over the Information Systems (IS) function in the Mainframe, UNIX,

Windows and IBM Power Systems (iSeries, formerly known as AS/400)

environments at the Winchester Data Center and AWD Data Center.

Controls over the IS function relating to TA2000, TRAC, TA2000 Desktop,

TA2000 Subaccounting Desktop and TRAC Desktop/DST

SmartDesk/Compliance Workstation processing environment at the Winchester

Data Center and AWD Data Center.

Controls over the IS function relating to the FAN Web/TRAC

Web/Vision/E-commerce Core processing environment at the Winchester Data

Center.

Controls over the Automated Work Distributor (AWD) Information Processing

General Computer Controls applicable to those clients that have outsourced those

activities to DST and whose AWD information resides on DST‟s iSeries platform,

which is housed in the AWD Data Center and the Winchester Data Center.

Another level of control consists of the control activities exercised by the client. User

controls will vary depending on the specific function involved and on the extent of

services that DST provides to each individual client. This report does not consider

activities that are performed at client locations. However, this report, when coupled

with an understanding of controls in place at user locations, is intended to permit

evaluation of the system of internal controls surrounding transactions processed

through the TA2000, TA2000 Subaccounting and TRAC systems.

6 TA2000 Remote Transfer Agent Processing System – SAS 70


This report is organized into five chapters:

Chapter I DST’s Description of TA2000 Remote Operations Transaction Processing

and Information Processing General Computer Controls

o Provides an overview of DST.

o Describes organization and management controls and details the internal

control responsibilities that DST believes its Remote transfer agent clients

should have present in their control environments, in conjunction with the

DST controls described in Chapters II and III.

o Provides an overview of the TA2000 Transfer Agent Processing system, the

TRAC Defined Contribution Recordkeeping Processing system and those

activities over the transaction processing for Remote shareowner accounts.

o Provides an overview of the general controls over the IS function in the DST

TA2000, TA2000 Subaccounting and TRAC, Mainframe, UNIX, iSeries,

Windows, FAN Web/TRAC Web/Vision/E-commerce Core, TA2000

Subaccounting Desktop, AWD, TA2000 Desktop and TRAC Desktop/DST

SmartDesk/Compliance Workstation environments at the Winchester Data

Center and AWD Data Center.

Chapter II DST’s Control Objectives, Controls and Tests of Operating Effectiveness of TA2000 Remote Operations Transaction Processing Controls

o Provides the control objectives and controls over Remote transaction

processing established by DST.

o Includes the tests and results of operating effectiveness for those controls over

Remote transaction processing.

Chapter III DST’s Control Objectives, Controls and Tests of Operating Effectiveness of Information Processing General Computer Controls

o Provides the control objectives and controls over the IS function established by

DST.

o Includes the tests and results of operating effectiveness for those controls over

the IS function.

Chapter IV Information Provided by the Service Auditor

o Provides a description of the nature of tests applied to the TA2000, TA2000

Subaccounting and TRAC transaction system processing controls and the IS

function controls by DST‟s independent service auditors,

PricewaterhouseCoopers LLP (PwC).

Chapter V Other Information Provided by DST

o Management‟s Responses to Identified Exceptions.

o Overview of DST‟s Business Continuity Plan.

Scope of Report 7


This is a 12-month report which includes results for the period October 1, 2009 to

March 31, 2010, which were also included in the previous report dated May 14, 2010.

The management responses in Chapter V include details around the six-month period

in which the exception was identified. Responses preceded by “3/31/10” relate to

exceptions identified and communicated in the prior report. Responses preceded by

“9/30/10” relate to newly identified exceptions. For those control activities with

exceptions identified during both time periods, separate responses are included.

Areas Not Covered By This Report This report does not cover the control environment as it relates to Full Service clients

although, by necessity, sections of this report address certain controls pertinent to Full

Service clients. Full Service clients should refer to the DST TA2000 Full Service

Transfer Agent Processing report, which describes control aspects relevant to Full

Service users as of September 30, 2010 and for the previous 12 months.

This report does not cover activities that are performed at client locations as described

in User Control Considerations on page 40. It is not designed to provide assurance

regarding client specific application functionality and/or automated controls that are

unique to a single client or group of clients. Additionally, this report does not consider

controls related to lines of business other than the transfer agent or shareowner

servicing business.

In addition, there are certain aspects of DST services to clients that are not covered by

this report, which include, but are not necessarily limited to, the following:

Remote installations of TA2000 Desktop.

Remote installations of TA2000 Subaccounting Desktop.

Remote installations of TRAC Desktop/DST SmartDesk/Compliance Workstation.

Remote installations of AWD.

Conversions to/from TA2000 and TRAC.

Printing and mail services other than those provided by DST Output – Kansas City

and DST Output – Hartford.



Description of DST Systems, Inc.

DST Systems, Inc. (DST) is a global provider of information processing and computer

software services and products to the financial services industry (primarily mutual

funds and investment managers), telecommunications industry, the healthcare industry

and other service industries. These services, which may be provided on a remote

(client-hosted systems) or full service (DST-hosted systems) basis, include

recordkeeping and processing for the healthcare, mutual fund, banking and insurance

industries. Revenues are derived primarily from remote or full service transfer agency

or third-party administration product offerings that utilize DST's software applications

being processed at its data centers or derived from presentation and delivery (either

printed or electronic) and archival of customer documents, and are based upon the

number of statements mailed and/or the number of images produced.

Description of DST Systems 9


DST Organizational Chart

Board of Directors Audit Committee

Chief Executive

Officer

President

DST Output

President

and Chief

Operating Officer

Chief Information

Officer

Enterprise Systems

Executive Vice President

U.S. Recordkeeping

Solutions

Vice President

Winchester Data

Center

Vice President

DST Solutions &

Hosting Services

Vice President

Human

Resources

Vice President

and Chief Accounting

Officer

Officer

Internal Audit

Vice Presidents

Client Services

Vice President

Development

Vice President

Full Service

Vice President

Corporate

Support

Officers

Full Service

Directors

Full Service

Client Relations

Manager

Officer

Corporate

Support

Officer

Regulatory

Solutions

Director

Cash Control

Systems Officers

Administrative

Officer

Officer

Systems

Development

Vice President

Chief Financial Officer

and Treasurer

Vice President

General Counsel

and Secretary

Systems Vice

Presidents

Director

Information

Security

Director

Systems Support

Vice President

Support

Vice Presidents

Product Areas

Vice President

DST Worldwide

Services

Vice President

AWD



Organizational Overview

Financial Services DST, based in Kansas City, Missouri provides information processing, computer

services, and products that are designed to provide a vital link between clients and

their customers. DST is also a registered transfer agent with the Securities and

Exchange Commission (SEC), providing shareowner servicing functions to the mutual

fund industry and certain real estate investment products. The recordkeeping and

shareowner servicing system (TA2000 System or TA2000) was designed to provide

Full Service processing or to provide services to clients on a remote basis.

Full Service clients use virtually all available services offered by DST including input,

transaction processing and output control. Remote clients use the DST system,

wherein all transaction input, output and review is performed at the clients‟ locations.

Partial Remote clients use more services than traditional Remote clients, but not all of

the services included in the definition of a Full Service client.

Additionally, DST offers retirement plan processing capabilities through the TRAC

Defined Contribution Participant Recordkeeping System (TRAC) that permit financial

institutions to efficiently and effectively support the needs of plan sponsors and their

participants. TRAC's integration with TA2000 helps eliminate reconciliation problems

that can occur when different systems are used for participant recordkeeping and

shareowner accounting.

Data Processing DST uses two data centers in the Kansas City area to support computer operations and

data processing. The Winchester Data Center (Winchester) is the primary data center

and the AWD Data Center, also known as the Poindexter Data Center, primarily

houses iSeries operations. DST owns and maintains a Recovery Data Center located

approximately 250 miles from Kansas City.

Output Solutions DST Output, a wholly owned subsidiary of DST, is among the largest first-class

mailers in the U.S., providing single-source, integrated print and electronic statement

and billing output solutions. Every month, DST Output prints, mails and electronically

delivers bills, statements, marketing materials, policy statements, proxies, summary

prospectuses, tax applications, explanations of benefits and other business-critical

client communications.

Statement processing services are supported by integrated and automated production

environments that transform electronic data received from clients into customized

Organizational Overview 11


statements that can be delivered in print or electronic format in accordance with

individual client preferences.

Business Process Management DST Technologies, Inc. is a wholly owned subsidiary of DST. DST‟s Automated

Work Distributor (AWD) application from DST Technologies, Inc. is an enterprise-

scale software system that enables companies to further develop operating efficiency.

AWD‟s automation components allow customers to streamline tasks in which human

interaction is not required. The AWD platform also includes imaging and content

management, business intelligence and monitoring, a contact center desktop with

proactive call scripting, intelligent character and word recognition capabilities and

correspondence tools. Clients include banking, financial services, insurance,

healthcare and video/broadband companies.

Shareholder Solutions DST TASS, a wholly owned subsidiary of DST, provides shareowner subaccounting

services related to mutual fund processing to Broker Dealers using the TA2000

Subaccounting platform. Through this line of business, DST TASS offers a Full

Service outsourcing solution to meet Broker Dealer needs and requirements for

mutual fund processing and servicing.

Retirement Solutions DST Retirement Solutions, a wholly owned subsidiary of DST, provides defined

contribution recordkeeping services. DST Retirement Solutions combines DST's

TRAC technology solution with Boston Financial Data Services, Inc.‟s (BFDS)

defined contribution Full Service plan administration and recordkeeping services.

From application service provider (ASP) to business process outsourcing (BPO), DST

Retirement Solutions offers a variety of selective outsourcing options, including front-

and back-office technology solutions for financial service organizations offering

retirement plan recordkeeping for plans of varying size.

Health Solutions DST Health Solutions, LLC, a wholly owned subsidiary of DST, offers a

comprehensive set of software solutions to the marketplace that addresses many facets

of health plan, administrator, and physician business operations, from managed care

and physician practice administration to decision support, e-business transactions, and

operational work flow. DST Health Solutions provides a variety of solutions for

health plan administration that can support any size and type of organization; from

start-up and small provider-sponsored health plans to third-party administrators and

large national health plans with a significant number of members.



Argus Health Systems Argus, a wholly owned subsidiary of DST, provides a full suite of services that allows

customers to manage their pharmacy benefits by choosing the services offered by

Argus that best fit their needs. The systems developed by Argus are designed to

provide pharmacy benefits management, claims adjudication, reconciliation and

rebate processing solutions that are scalable, flexible, and highly reliable. These

systems are primarily housed at Winchester.

Argus supports a wide range of customers and key healthcare organizations, from

managed care organizations to Pharmacy Benefits Managers (PBMs) and

pharmaceutical manufacturers. Argus processes pharmacy claims on behalf of its

customers to support their various lines of business including commercial, Medicaid

and Medicare Part D.

Worldwide Services DST Worldwide Services, LLC (DSTWS), a wholly-owned subsidiary of DST, is

headquartered in Kansas City, MO, with associates located in the United States,

Bangkok, Thailand and Hyderabad, India. DSTWS provides Information Technology

and Business Processing services in support of other DST subsidiaries, and to external

clients in the financial services, communications, and healthcare industries.

Information technology services include: Systems Development and Support, Testing

Automation and Abstraction, Data Conversions and Migrations, Infrastructure

Monitoring and Management, Database Management, E-Business Solutions,

Reporting and Datawarehousing, Content Management and Specialist Sourcing across

various platform arenas. Business Process Outsourcing (BPO) services include

healthcare claims processing and mutual fund transaction processing.

Organization and Management Controls 13


Organization and Management Controls

Management controls are typically not specific to any individual transaction system;

rather, they are general in nature and apply to the organization as a whole. The

objective of organization and management controls is to establish an appropriate

control environment to enhance internal control activities and therefore help achieve

internal control objectives. Appropriate management controls are necessary to

facilitate the proper functioning of the overall control environment.

The DST Organizational Structure described in the DST Organizational Overview is

designed along functional lines. Divisions are assigned responsibilities for specific

clients and for processing related to those groups. DST‟s organizational structure

includes segregation of duties and provides defined areas of functional responsibility

over transaction processing areas.

DST has structured its organization into client service groups and centralized support

groups, governed by the Board of Directors and Audit Committee, whose

responsibilities include administering DST policies and procedures.

Board of Directors The Board of Directors meets on a regular basis to review and discuss the operations

of DST, financial results, key strategic initiatives, pending transactions and other

business as deemed appropriate. DST management reports to the DST Board of

Directors. Board members are required to have sufficient time, business and financial

knowledge and industry expertise to serve on the Board of Directors. The Board meets

at least quarterly and has input on three committees, each with respective charters:

DST Audit Committee.

DST Corporate Governance/Nominating Committee.

DST Compensation Committee.

Each committee is comprised of independent directors.



Audit Committee

The Audit Committee oversees DST's policies and procedures, which are designed to

ensure that controls are adequate and support regulatory standards and other business

requirements. Audit Committee members provide an appropriate line of

communication between the Board of Directors, the internal audit function and

external auditors. Internal and external audit findings, recommendations and related

management responses are reviewed along with copies of the internal and external

audit reports. The Audit Committee maintains meeting minutes of regularly scheduled

meetings.

Corporate Governance/Nominating Committee

The Corporate Governance/Nominating Committee oversees the evaluation of the

Board and management. The committee is composed of independent members of the

Board of Directors. The committee's primary responsibilities include, but are not

limited to, recommendation of director nominees to the Board, advising the Board on

Board committee appointments and removals, and recommendation and review of

Corporate Governance Guidelines or applicable policies and procedures.

Compensation Committee

Executive officer compensation is overseen by the Compensation Committee, which

also evaluates incentive plans and stock compensation awards. The committee is

composed of independent members of the Board of Directors.

Internal Audit Department The Internal Audit Department reports functionally to the Audit Committee of the

Board of Directors. Internal Audit performs ongoing operational, financial,

information technology and regulatory compliance audits of business and support

areas to assess the effectiveness of the organization‟s internal controls. Internal Audit

reports are directed to Senior Management and the Audit Committee, and issues

identified are monitored through resolution.

Finance Finance is responsible for recording and maintaining all DST financial activities.

Finance is responsible for the general ledger accounting functions, including accounts

payable, purchasing, fixed assets, and accounts receivable. DST has engaged an

independent audit firm to perform a calendar year annual financial statement audit.

Organization and Management Controls 15


Human Resources Human Resources has standard controls addressing the critical aspects of employment

services including hiring, training, evaluating and terminating associates. Management

has an open door policy which is communicated to employees via the employee

handbook. DST has documented job descriptions for its employees and posts them on

DST‟s Intranet. Responsibilities are linked to specific control activities within the

organization. Annually, supervisors meet with and review the job performances of

employees. These evaluations are linked to changes in employee compensation.

Corporate Policies DST has formal corporate policies and procedures that are utilized to inform

employees of relevant laws, regulations, industry compliance responsibilities and

company practices. All employees receive training on ethics, conduct and behavior in

the workplace during new associate orientation and on a periodic basis thereafter. In

addition, newly-hired employees and contractors are required to read and sign an

acknowledgement form for the following corporate policies as applicable:

Business Ethics and Legal Compliance Policy

Acceptable Use Policy (Computer and Telephone Systems)

Insider Trading Policy

Security/ID Procedures

SecurID Policy

Communication Policy

Non-Disclosure Agreement

Employees are bonded and new employees are required to sign an attestation

regarding the confidentiality of DST information. Criminal background checks are

conducted for associates and contractors. Where required to meet regulatory

requirements of the SEC, the background check involves submission of completed

fingerprint cards for DST employees and contractors to the Financial Industry

Regulatory Authority (FINRA) which are then submitted to the FBI to be matched

against its files. Information obtained during the background checks is reviewed by

Human Resources. Identification of a criminal conviction may result in the

termination of an individual‟s employment.



Training and Education Extensive training programs are required for new associates. Training is facilitated by

two groups.

IS Training administers training programs geared towards application

development (such as COBOL, Java programming, etc.).

Center for Education and Development (CED) - Also known as Training and

Development, administers a wide variety of training that covers areas such as

Corporate, Industry Overviews, IT, etc.

The efforts of these groups are supplemented by training programs internal to various

business units at DST.

Risk Management Controls DST has a risk assessment process to identify and manage risks that could affect

DST‟s ability to provide reliable transaction processing to its clients. This process

requires management to identify significant risks inherent to its products or services

and to identify underlying causes of risk, measure the impact to the company,

establish acceptable risk tolerance levels and implement appropriate measures to

monitor and manage these risks. This process has identified risks resulting from the

nature of the services provided by DST and management has implemented various

measures designed to manage these risks.

Data Center Support 17


Data Center Support

Winchester Data Center The Winchester Data Center is DST's primary computer operations and data

processing facility. Winchester occupies a total of 163,000 square feet, of which

76,000 square feet is raised floor computer room space. Winchester runs Mainframe

computers with a combined processing capacity of more than 32,000 million

instructions per second (MIPS) and direct access storage devices with an aggregate

storage capacity that exceeds 270 trillion bytes. Winchester also contains more than

1,000 servers with over 600 trillion bytes of storage capacity supporting Windows,

UNIX and iSeries computing environments. These servers are used to support DST's

products and processing for certain DST affiliates. The physical facility, located in the

Kansas City area, is seismically braced and designed to withstand tornado-force

winds.

AWD Data Center The AWD Data Center supports DST's AWD image processing services. The facility

occupies a total of 13,000 square feet. The computer room houses IBM iSeries

computers, disk-based storage systems, and optical storage systems (over 825 million

images), which support more than 39,000 AWD users. In addition to DST's full

service mutual fund operations, AWD users include clients in the healthcare,

insurance and brokerage industries. The AWD Data Center also houses over 500

servers supporting various DST products and Winchester's remote tape storage using

IBM's automated tape libraries.

Physical Security Security at the Winchester Data Center is achieved through a multi-layered physical

and electronic solution. Physical security includes a dual perimeter fence and concrete

encased steel bollards that prevent vehicles from entering the premises. Bonded and

licensed security guards and police officers are onsite at all times. The electronic

security includes extensive video surveillance, motion detection, disturbance

detection, card access and biometric access solutions.

The Poindexter Building, which houses the AWD Data Center, has one main point of

entry, which is manned by security officers 24 hours a day, seven days a week.

Bonded and licensed security guards provide the AWD Data Center physical security.

Closed circuit recorded security cameras allow security officers to monitor the door to

the AWD Data Center and the exterior of the building. The guards monitor all

cameras in the building.



For both Winchester and AWD Data Centers, visitors, vendors and non-essential

individuals are required to sign in with the security guards in the lobby.

Access to the Winchester and AWD Data Centers requires a key card obtained from

DST Human Resources. Access to Winchester requires that the key card is scanned

when both entering and exiting the facility; the AWD Data Center requires key card

scanning upon entering the facility, the lower level and the computer room floor.

Winchester has installed “anti-pass back” technology on the front doors, displaying a

message at the security station and denying entrance and exit to anyone who did not

scan their key card on their previous trip through the door. If an individual attempts to

exit the building by opening a door at the main entrance without scanning a card, the

doors remain locked and are held shut by magnets while an alarm sounds.

To enter the computer rooms at either site, the individual is authenticated using a

biometric fingerprint reader which reads their fingerprints and detects a pulse and

temperature. The reader verifies that the key card and fingerprints match, and

determines that the individual has been authorized before allowing passage through

the door. There is also a sign-in sheet inside the AWD Data Center Computer

Operations Room, where visitors and vendors are required to sign-in their name,

company affiliation and purpose prior to accessing the AWD Data Center floor.

At the Winchester Data Center, one type of key card is used to gain access to all

secured locations. This key card includes a chip, which the card reader recognizes

when the cardholder passes it in front of the scanner. Winchester limits access to

employees based on where they work on the premises and their associated job

responsibilities. Key cards are coded for various time limitations and also color coded

based on the type of building access granted. If entering the building between the

hours of 5:30pm and 6:00am, all cardholders must sign in at the security station

regardless of their access privileges. There is only one entry point to the Winchester

computer room which is always locked and requires the individual have authorized

access

Key Card Administration

Request forms for key card access to the data centers are submitted to DST Human

Resources. Request forms must contain the access requirements needed and approval

from data center management. If access to the computer room is required, a business

reason must be documented on the request form.

When an associate with access to either data center terminates, the associate‟s

manager reports the termination to Human Resources by completing an Associate

Data Change (ADC) form. Human Resources schedules and conducts exit interviews

with the terminated associate and collects company property including the key card.

Human Resources deactivates or removes physical access for all terminated associates

within one business day of notification. Human Resources also distributes reports of

users with access to each data center, at least quarterly. A designated data center

manager reviews the user access listing, indicates any revisions and certifies the

appropriateness of indicated access.



Systems Overview The following systems are supported by the DST data centers:

Mainframe - The Winchester Mainframe platform supports a variety of

applications used by DST business operations, affiliates and other third-party

users.

iSeries - iSeries mid-range systems are housed in both Winchester and the AWD

Data Center and support applications for DST‟s clients in the mutual fund, REIT,

healthcare, insurance and brokerage industries.

UNIX - UNIX systems, housed at the Winchester Data Center, support the E-

commerce applications for DST‟s business operations, including the web

applications used by DST, its affiliates and third party users for mutual fund,

REIT, healthcare, insurance and brokerage services.

Windows - Microsoft Windows systems are housed in both Winchester and the

AWD Data Center and support applications for DST‟s clients in the mutual fund,

REIT, healthcare, insurance, and brokerage industries as well as internal business

unit applications and application development.

Systems Software Maintenance DST has established change management procedures for system software maintenance

intended to promote successful introduction of changes, minimize the risks associated

with changes and ensure maximum system availability. System software changes

include installations, upgrades, patches and functionality changes. Procedures are in

place to help ensure that system software and hardware changes are authorized, tested,

approved, properly implemented and documented. Documentation of the change

request, approval, testing and implementation are captured and retained in a change

management system.

The Remedy Change Management application is used to process and approve change

requests for the IT Infrastructure for the Winchester and AWD Data Centers. This

includes the Mainframe, UNIX, iSeries and Windows environments.

Network

The Network Services group manages firewalls and routers at Winchester as well as

the AWD Data Center to ensure that E-commerce and external connections are

protected, that security events are logged and monitored and that DST‟s network is

appropriately configured to securely support the E-commerce environment.

Authentication is required before user access is granted to firewalls and routers.

Modifications to network Access Control Lists (ACL) must be recorded in a

centralized change management tool and require strict change control procedures,

which include documentation of the reason for the change. ACL modifications must

be reviewed and approved by authorized Network Services personnel.



The DST Information Security Administration group manages the network Intrusion

Detection Systems (IDS) and ensures that each set of firewalls is appropriately

equipped with IDS to automatically log traffic. Updates to the IDS are automatically

downloaded on a daily basis.

Logical Security of Systems Software DST management has formally documented security policies and procedures to

restrict access to data files and programs. Users are granted access based on their

assigned job responsibilities and each system is configured to restrict access to only

authorized personnel. System administration personnel create and modify user

accounts upon receipt of proper approval. Additionally, DST Human Resources

communicates a daily listing of terminated employees to system administration

personnel and system access is removed. Periodic access reviews are performed by

system administration to determine if access privileges have been properly updated

and approved. Password parameters include but are not limited to the following:

User passwords must be changed every 30-35 days, depending on the system.

Minimum number of days between password changes is seven days.

A history of six previous passwords is maintained to prevent reuse of recent

passwords.

Passwords must contain alphanumeric characters.

Users are systematically locked out after a preset number of failed log-in attempts.

Computer Operations

Monitoring

The Winchester and AWD Data Centers have a shift manager/operator scheduled for

each shift, seven days a week, including holidays. Shift schedules are prepared in

advance and explicitly state who will be the backup if the assigned employee is

unavailable.

Both locations utilize a log to document shift turnover issues, special instructions and

possible recurring problems. Staff turnover meetings are held between shifts to

communicate the details of the current log to the following shift. In addition, at

Winchester, a video board residing in the Service Center provides a visual display of a

variety of monitoring tools that are used to communicate problems.

IBM System Management Facility (SMF), a component of IBM‟s z/OS for

Mainframe computers, is also used to provide logging of all baseline activities running

on the Mainframe operating system. These activities include I/O, network activity,

software usage, error conditions and processor utilization for use in troubleshooting or

performance monitoring.



Backup and Recovery

DST has documented policies and procedures that exist for backup, recovery and off-

site storage of backup.

Winchester Data Center performs both daily incremental and weekly full backups of

TA2000 application and client data, as well as non-TA2000 client data, including

Mainframe operating system data. The data is first sent from Winchester to the DST

Recovery Center. A tape is automatically created by the DR VTS (Disaster Recovery

Virtual Tape System) at the DST Recovery Center. An additional copy of data is sent

from Winchester to the AWD Data Center where a second tape is created. All system

data backups are scheduled through the enterprise job scheduling solution, ESP.

DST also has a mirroring process in place that allows TA2000 application and client

data to be backed up in a peer-to-peer manner. A real-time copy is sent from the

Winchester Data Center to the DST Recovery Center through fiber optic links when a

"write" command occurs on the TA2000 platforms.

UNIX servers, located at Winchester, are backed up to tape daily. A full system

backup is performed when a server is first placed in production. After that, daily

incremental backups are performed. Two copies of backups are made to tape. The first

copy is created at Winchester and stored onsite. Backup data is then transmitted to the

DST Recovery Center where a secondary tape copy is created and retained.

Windows servers are backed up to tape daily. A full system backup is performed when

a server is first placed into production. After that, daily incremental backups are

performed. Two copies of backups are made to tape. The first copy is created at the

server‟s data center and stored onsite. Backup data is then transmitted to the other data

center where a second tape copy is created and retained. Management reviews a report

daily to ensure backups are performed successfully for all Windows servers.

The iSeries systems reside in both the AWD Data Center and Winchester Data Center

and are monitored by the AWD Data Center Operations Team. Backups for the iSeries

environment consist of a two-layer process during which the data is first mirrored to

the other data center in real-time and second, the data is backed up to tape from the

mirrored data. Should disaster recovery be necessary, the mirroring process allows

DST to switch clients from the AWD Data Center to Winchester and vice versa. In

addition to the mirroring process, full backups of iSeries data to tape are performed

daily and a full system backup is performed weekly.

System backups are scheduled, monitored and logged by the scheduled shift manager

and computer operators at both data centers. In the event that there are errors or

problems with the backups, appropriate escalation procedures are in place to resolve

the issue.



Environmental and Continuity Systems The environmental systems at Winchester are fully redundant and fully automatic. If

any component fails or requires service, backup components assume the load. The

energy center at Winchester is a self-contained power plant. In the event of a

commercial power failure or disruption, the system will supply emergency power

without disruption to computer operations. The electrical system includes an

uninterruptible power supply from high-powered batteries and diesel-powered

generators.

Winchester is protected from significant weather events such as lightning strikes and

tornados due to the existence of a lightning deterrence system that encompasses the

entire building and blow out panels that are strategically placed to reduce the impact

of a tornado. Winchester is also built from and reinforced with steel and concrete,

which is inherently fire resistant and designed to withstand tornado-force winds.

The environmental functions at the AWD Data Center are redundant and fully

automated. If a component fails or requires service, backup components

instantaneously assume the load. The AWD Data Center‟s electrical and mechanical

systems can function independent of other systems within the building and the energy

center is a self-contained power plant. In the event of commercial power failure or

disruption, a battery backup system will supply emergency power without disruption

to computer operations. Sophisticated fire protection systems protect the entire facility

and a lightning protection array encircles the building‟s roof.

DST owns and maintains an alternate DST Recovery Center (not within the scope of

this report). If operations at Winchester are unavailable due to disaster, the DST

Recovery Center is provisioned with redundant hardware and software designed to

recover data for those applications which have designated a recovery requirement.

Additionally, a facility near Winchester serves as a crisis management center (not

within the scope of this report). This center allows DST personnel to occupy the

center and respond to telephone calls and transaction requests should backup facilities

be required.

For more details on DST‟s business continuity plan, see Other Information Provided

by DST.

Information Security Administration 23


Information Security Administration

Overview DST‟s Information Security Administration group is responsible for the

confidentiality, integrity and availability of DST‟s information resources through the

establishment, implementation and management of the Information Security Program.

This involves creating, administering and overseeing policies to ensure the prevention,

detection, containment and correction of security breaches. The purpose of the

Information Security Program is to ensure that management, Internal Audit and

regulators are satisfied with the security controls that DST has implemented and that

clients and business partners are confident their information is adequately protected.

Information Security Administration‟s primary responsibilities include:

Developing, approving and publishing new or updated policies, standards and

baselines.

Acting as a liaison with business functions, including Legal and Compliance,

Human Resources, Internal Audit, Risk Management and Systems Development

to ensure fulfillment of the Information Security Program.

Providing guidance and support for information security processes.

Developing information security training and awareness programs and providing

advice and guidance to personnel requiring policy clarification.

Providing support for information classifications, risk analyses, audits and third-

party agreements.

Encouraging personnel to raise potential information security issues with their line

manager or with Information Security Administration and track information

security incidents.

Monitoring general business trends, technological developments, new

threats/vulnerabilities and solutions.

Reporting on the overall sufficiency and effectiveness of the information security

environment.

Working with internal and external auditing groups to assess the effectiveness of

information security processes.

Employing personnel who are equipped with the knowledge, skills, resources and

management support needed to fulfill their roles.

Testing and product evaluation of security elements for technologies, systems or

applications deployed within DST.



The administration of access to DST‟s managed systems on behalf of DST

associates, subsidiaries, affiliates and clients.

Two-Factor Network Authentication DST employs two-factor authentication by associates to access their workstations on

DST‟s network. SecurID tokens are assigned and distributed to new associates by the

Information Security Administration group upon receipt of the new hire roster by

Human Resources. DST provides additional in-house training to new associates on

how to log on to their workstations using their SecurID tokens. All users must perform

this authentication step before they can attempt to gain access to DST application

programs and data files.

TA2000 System Access DST management has formally documented security policies and procedures to

restrict access to data files and programs. Users are granted access based on their

assigned job responsibilities. TA2000 is configured to restrict access to only

authorized personnel. Password parameters are configured as follows:

User passwords must be changed every 30 days.

Minimum number of days between password changes is seven days.

When changing a password, the new password cannot be the same as any of the

six previous passwords.

If a user‟s password is entered incorrectly three consecutive times, the user‟s

account is suspended.

Suspended users must contact Information Security Administration to be

reactivated.

Common or obvious passwords are prohibited.

Passwords must be a minimum of seven alphanumeric characters.

The password cannot be the same as the user‟s identification code.

DST Information Security Administration utilizes a security package to control access

to the TA2000 online system. An operator security record must exist in the security

file for each operator that is allowed access to TA2000. The operator security record

can limit access by client management code. Valid user identification numbers and

passwords are required to access TA2000. Such numbers and passwords are checked

against the security record, which allows access based upon established and approved

online facilities. If no activity has occurred for two hours, the operator is logged off

the system.

Information Security Administration 25


User Administration Additions/Modifications to User Profiles

Management has established and documented policies and procedures for creating and

modifying user accounts. Information Security Administration personnel create and

modify user accounts upon receipt of a properly approved access request form. Users

are granted access to only those programs, data files and functions required to fulfill

their assigned job responsibilities.

DST Human Resources receives daily notification of transferred associates from

Employee Relations. Human Resources communicate inter-departmental transfers to

Information Security Administration on a daily basis. Information Security

Administration reviews each individual on the list to determine if their access

privileges have been properly updated and approved by the appropriate management.

Terminations

On a daily basis, Information Security Administration receives a listing of terminated

employees from DST Human Resources. Access for terminated employees is removed

within five business days. When preparing to remove access from terminated

employees, Information Security Administration checks all systems to ensure access is

appropriately removed. Information Security Administration also receives a monthly

termination listing from Human Resources and performs a review to verify that they

have removed access for all terminated employees.



Application Overviews

TA2000 DST‟s proprietary application system for recordkeeping and accounting is TA2000,

which performs the following shareowner related functions for fund sponsors:

Processing purchases, redemptions, exchanges and transfers of shares.

Maintaining shareowner identification and share ownership records.

Reconciling cash and share activity.

Calculating and disbursing commissions to brokers and other distributors.

Processing dividends.

Creating and tabulating proxies.

Reporting sales.

Providing information for printing of shareowner transaction and statement data

and year-end tax statements.

The system processes equity, fixed income and money market load, no-load, multi-

class funds and open and closed end mutual funds, and non-traded real estate

investment trusts (REITs). TA2000 also performs many specialized tasks, such as

asset allocation and wrap fee calculations. As the foundation of DST‟s transaction

processing activity, TA2000 integrates with other DST products and systems

including TRAC, TA2000 Desktop, TA2000 Subaccounting, TA2000 Voice,

Comp/Recon and AWD.

TA2000 Desktop

TA2000 Desktop is DST‟s graphical user interface for TA2000. It integrates call

center and shareowner accounting functionality into an ergonomically designed

interface for enhancing telephone-based communications. TA2000 Desktop is an

easy-to-use, intuitive call center desktop which was developed to integrate with DST‟s

work management, telephony and other client management technologies. The

application is designed to do the following:

Improve call speed and efficiency by reducing the number of keystrokes.

Permit client services representatives to answer questions and resolve open issues

immediately, thereby eliminating the need to call the shareowner back.

Permit client services representatives to view business events related to an account

and access them instantly by viewing any document generated by the fund sponsor

or shareowner.

Achieve a seamless service approach, enabling clients to differentiate themselves

through optimal client service.

Application Overviews 27


TA2000 Desktop also contains scripted information that clients want conveyed to

callers (for example, new fund information and market and performance information).

It has simplified call center operations to the point that mouse dependence is

significantly decreased and most inquiry calls can be completed in a single desktop

view. In addition, the integration of TA2000 Desktop with DST's work management

system provides clients a more effective method for servicing shareowners.

Installations of TA2000 Desktop at client sites are not included within the scope of

this report. Consequently, it is incumbent upon each user organization to ensure that

adequate controls surround TA2000 Desktop.

Comparison/Reconciliation System (Comp/Recon)

Comp/Recon is DST's internally developed application that gathers shareowner,

deposit, disbursement and bank information from existing DST systems (for example,

TA2000, Distribution Document Processing System (DDPS) and bank transmissions),

balances the transfer agent bank accounts, compares open items for matching and

provides an automated facility for Cash Control personnel to resolve remaining

unmatched items.

TA2000 Voice

TA2000 Voice is a Voice Response Unit (VRU) developed and designed by DST for

shareowners and financial intermediaries. TA2000 Voice enables callers to dial a toll-

free number with voice instructions to retrieve account information and process

transactions at times that are convenient to them. TA2000 Voice employs natural

speech recognition and a corresponding touch tone interface, and complete

customization capabilities enable clients to design unique presentations using Voice

features. TA2000 Voice offers real-time, immediate update and informational retrieval

abilities. Voice processing for shareowners allows two options for providing access to

their account:

SSN/PIN

Fund/Account/PIN

Which option is used is determined by the client. With Speech Recognition, clients

may choose the option of Voice Verification, which allows participants to gain access

by matching the caller‟s voice to a stored voice print, rather than entry of the PIN.



TA2000 Subaccounting The TA2000 system can also perform recordkeeping for subaccounting relationships.

TA2000 Subaccounting provides a product interface which enables a financial

intermediary, acting as a sub-transfer agent, to perform the recordkeeping and

servicing responsibilities of a sub-transfer agent. This product provides a

subaccounting solution to Broker Dealers and other financial intermediaries such as

trust companies, third-party administrators and registered investment advisors for

wrap products.

TA2000 Subaccounting enables the financial intermediary to maintain complete

control of its customer base through a highly automated interface. TA2000

Subaccounting provides the conduit for systematically identifying the administrative

and reconciliation issues that often occur between subaccounts and their

corresponding omnibus accounts.

TA2000 Subaccounting empowers financial institutions with systematic data transfer,

management and transactions controls for subaccount processing.

Data Synchronization Data Synchronization is a TA2000 Subaccounting

feature that provides the functionality to process key information from the mutual

fund platform as well as the National Security Clearing Corporation (NSCC)

Mutual Fund Profile for clients having omnibus relationships. Information

included in the Data Synchronization process includes: daily prices, rates, yields,

and distribution declaration data as well as fund options for TA2000

Subaccounting users. TA2000 Subaccounting provides the support structure to

assist clients in ensuring that this key information is accurate based on the fund

family data available and updates it on a timely basis.

Management Set-Up and Controls The TA2000 Subaccounting security

framework ensures transaction and operational processes are validated.

Subaccounting specific transaction features assist in the automation of workflow.

These features distribute processing items and release transactions upon their

receipt to the omnibus position and/or financial intermediary.

NSCC Interface TA2000 Subaccounting supports the receipt and processing of

Networking, FundSERV, Automated Customer Accounting Transfer Services

(ACATS) and Mutual Fund Profile transmission data as well as the delivery of

Networking, FundSERV, ACATS and Commission Settlement data.

Trade Collection TA2000 Subaccounting utilizes subaccounting processing

parameters as well as the TA2000 NSCC processing flow to validate the

information received. These transactions are evaluated and processed to the

subaccounts using standard TA2000 transaction posting functionality.

Omnibus Roll-up Processing TA2000 Subaccounting provides the ability for

trades processed in trade collection to be aggregated based on setup and controls

established and maintained by the client. This functionality is provided for all

transactions at the transaction level, providing additional flexibility to the client.



TA2000 Subaccounting Desktop

TA2000 Subaccounting Desktop is DST Systems' graphical user interface for TA2000

Subaccounting. It integrates shareowner accounting functionality into an

ergonomically designed interface for enhancing research, correction processing and

trade origination.

TRAC DST offers enhanced retirement processing capabilities that permit financial

institutions to efficiently and effectively support the needs of plan sponsors and their

participants. DST provides a single solution for complying with industry regulations

and meeting all marketing and servicing requirements. TRAC supports any type or

size of defined contribution plan including 401(k), 403(b), 457, Simplified Employee

Pensions, Money Purchase, Profit Sharing, Cash Balance, Group IRA, Non-Qualified,

Simple IRA and Simple 401(k).

TRAC is integrated with TA2000 and helps eliminate reconciliation problems that

occur when different systems are used for participant recordkeeping and shareowner

accounting. TRAC automatically feeds data to and from TA2000 and provides

financial institutions with systematic management control and integrated transaction

processing.

TRAC Desktop

TRAC Desktop is an integrated graphical user interface to TRAC, providing a

seamless integration between TRAC and AWD. TRAC Desktop provides an interface

for transaction processing and telephone-based communications. It improves

productivity and delivery of information to customer service representatives and

processing personnel.

DST SmartDesk

DST SmartDesk is a consolidated desktop application which provides a single portal

for access to many DST applications. It integrates many of the functionalities and

behaviors from previous desktop products within a single main window. The

applications currently available are TRAC, NSCC, and TRAC Compliance

Workstation. These applications can be used one at a time or simultaneously to

process a request. In addition, DST's business process management solution, AWD is

integrated to communicate with every application.

TRAC Compliance Workstation

TRAC Compliance Workstation is a desktop-based application that is fully integrated

with TRAC. The Compliance Workstation provides plan administrators the ability to

conduct interim and annual compliance tests for defined contribution plans. These

tests include Section 402(g) Limitations, Top Heavy, Section 410(b) Minimum

Coverage, Section 415 Limits, Deductibility, Determination of Highly Compensated

and Key Employees, Section 401(a) (4) General Nondiscrimination and Sections

401(k) and 401(m) ADP/ACP tests.



Testing of the TRAC Compliance Workstation general computer controls is tested in

conjunction with TRAC Desktop (Chapter III, Control Objective 12).

Automated Work Distributor (AWD) DST developed AWD to provide the potential for enhanced control over physical

documents and the workflow of processing through a transfer agent‟s operations.

AWD is a total work management system that electronically routes work associated

with documents received via mail, phone calls and faxes through a transfer agent

processing organization. AWD enhances the control of workflow and integrates with

TA2000, thereby eliminating paper and the time required to route, log and retrieve

files. AWD also empowers management with the tools and the information needed to

perform the transfer agent/shareowner servicing function effectively. AWD handles

both the imaging and management of the work associated with the images.

AWD is based on an advanced technology architecture comprised of an image server,

intelligent workstations and local area networks. This architecture adds power to the

desktop while providing access to centralized information and programs. AWD

operates on the following platforms:

Microsoft® Windows Server™ 2003 with Service Pack 2

Sun® Solaris™ 10

Red Hat® Enterprise Linux® 5

IBM i5/OS V5R4 (iSeries) - which has been installed in both the AWD Data

Center and Winchester Data Center

The primary iSeries at the AWD Data Center are configured to continuously replicate

production AWD data to secondary iSeries at the Winchester Data Center. This

process of mirroring data between data center sites is designed to eliminate downtime

from planned events such as nightly backups, software or hardware upgrades and

database reorganizations and from unplanned events such as system failure or power

outages.

In addition to AWD data mirroring, AWD client libraries are also backed up to tape

daily. Each backup is a full backup regardless of whether there were any changes to

the data. Backup tapes are retained in one of the two tape libraries, located at the

AWD Data Center and Winchester Data Center. Tapes are not kept offsite due to the

existence of the two separate data centers.

The AWD Information Processing General Computer Controls in Chapter III are only

applicable to those clients that have outsourced those activities to DST and whose

AWD information resides on DST‟s iSeries platform, which is housed in the AWD

Data Center and the Winchester Data Center. Remote installations of AWD are not

within the scope of this report. Consequently, it is incumbent upon each user

organization to ensure that adequate controls surround AWD to the extent that the

activities have not been outsourced to DST.



Data security over AWD is a separate and distinct information access security system

from the information security system surrounding the TA2000 system. Additionally,

the general controls environment surrounding iSeries processing is different from the

general controls environment surrounding Mainframe processing at the Winchester

Data Center. Accordingly, Chapter III differentiates between the TA2000 general

controls and the AWD general controls environment. Remote users are responsible for

establishing and monitoring security surrounding the iSeries environment as installed

at remote locations.

E-commerce DST‟s Network Services group manages all firewalls, routers and switches to ensure

DST‟s network is appropriately configured to securely support the E-commerce

environment. This includes restricting network traffic that is not required to support

the E-commerce function, as well as monitoring and logging unusual activity on a

routine basis. Logs of network activities are also reviewed routinely to verify that

network configurations are restricting traffic as intended and to allow Network

Services to respond in a timely manner to inappropriate traffic on DST‟s network.

DST has developed several internet-based products which allow shareowners and

financial advisors to access accounts, obtain information and enter transactions. These

products utilize DST‟s Financial Access Network (FAN) architecture, which is the

foundation for all DST internet-based solutions. The following is a description of

internet-based products utilized in the delivery of services to clients.

FAN Web

FAN Web is an internet-based application developed by DST and designed to allow

shareowners the ability to access fund and account information, perform financial

transactions, change personal identification numbers (PIN) and view statement

information online. The FAN Web product allows clients to reach retail investors who

have access to the internet. The FAN Web site is connected to a client‟s proprietary

internet site to enable shareowners to complete account inquiries and place transaction

requests over the internet. Clients manage the appearance of the FAN Web pages by

developing their own client specific templates. This allows clients to provide services

to investors through online markets without having to develop their own interfaces.

By providing access to fulfillment and transactions online, clients can do the

following:

Give shareowners convenient access to their account information and the ability to

move their dollars between funds.

Allow shareowners to submit transactions at a time convenient for them.

Reach a new population of potential investors effectively and efficiently.



When a new client enrolls in FAN Web, it is their decision whether they want to use a

fund/account and PIN, or a SSN number and PIN for authentication to the application.

The client decides how many logon attempts users are allowed before they are locked

out of the system. They also determine the composition of the PIN. The PIN can be

numeric, alpha, special characters, or a combination of two or more of these.

FAN Plan Sponsor

FAN Plan Sponsor Web is an internet-based application developed by DST and

designed to offer plan sponsors a direct channel for allocation purchase processing

FAN Plan Sponsor Web allows plan sponsors to manage and submit investment plan

allocations and purchases directly to fund investment plan allocations and purchases

directly to fund companies and transfer agents through a dedicated Internet website.

Testing of the FAN Plan Sponsor general computer controls is tested in conjunction

with FAN Web (Chapter III, Control Objective 13).

DST Vision

DST Vision (Vision) is an internet-based application developed and designed by DST

for financial intermediaries such as Broker Dealers, registered representatives and

financial advisors to deliver optimal client support. As an interactive website, Vision

permits authorized Broker Dealers, registered representatives and other advisors to

view shareowner and dealer information online in a real-time environment. With the

appropriate client authorization, Vision also enables the user to perform exchanges,

purchases, redemptions, establish new accounts and access electronic statements.

DST designed and developed Vision specifically to equip financial intermediaries

with the tools they need to obtain and retain assets. By providing access to advanced

capabilities and automated functionality, Vision permits wire houses, independent

firms and representatives to operate more efficiently. Originally integrated with DST‟s

shareowner accounting system, Vision is now transfer agent independent, capable of

providing access industry wide to comprehensive client account information. For

TA2000 users, Vision authentication is performed by the application against TA2000

security files. Consequently, TA2000 and Top Secret security testing can be relied on.

TRAC Web

DST developed TRAC Web to provide access to financial information related to

defined contribution retirement plans. The product utilizes DST‟s FAN architecture

and consists of three applications targeting three distinct audiences:

Participants

Plan sponsors

Broker Dealers

The Participant and Plan Sponsor applications are accessed through the investment

provider‟s proprietary website, although they are two different applications with

separate security structures. The investment provider is given the flexibility to

customize the pages of the Participant and Plan Sponsor applications to match the

proprietary website, thereby providing seamless access to inquiry, transactional and

administrative capabilities.



The Broker Dealer application is integrated in the Vision application. In this setting,

financial intermediaries may have access to both mutual fund and defined contribution

plan information, if applicable.

Software Development All software development is performed by associates that follow a development

lifecycle implemented and enforced by DST. Project lifecycle phases include the

following (in order):

Definition

Requirements

Design

Construction

Testing and implementation

Post-production support

Project leaders follow a standard project management process that includes the

following stages:

Initiation

Planning

Controlling

Executing

Closing

Systems enhancements are tested on multiple platforms prior to entering any

production environment. Written test scripts provide the framework for these steps of

quality review. As a project is ready to move to the next testing environment, reviews

are performed to determine project readiness and validate that the project meets

established quality ratios. Changes to applications are controlled by library

management software which provides audit trails of program changes and maintains

version control. Product Development maintains an 18-month Development Plan that

is continuously updated to reflect the changing needs of our clients and/or industry

issues.

DST has offices for software development in Jefferson City, Missouri; Boston,

Massachusetts; Bangkok, Thailand; Hyderabad, India; as well as its headquarters in

Kansas City, Missouri.



Review of Transaction Systems

TA2000 This section is divided into two areas:

Overview of DST's Processing Environment outlines the major transaction

types and the workflow environment within which the transactions were

processed.

Transaction System Processing Controls Provides a description of the various

TA2000 system control activities over transaction processing.

The information contained in the following section, including the transaction types,

transaction channels and description of system processing controls, is fundamentally

consistent across various product types within the scope of this report. Certain key

processes are unique to specific products, including, but not limited to, the following:

Real Estate Investment Trusts

The following processes are not applicable to non-traded REITs: NSCC transactions;

exchanges; checkwriting redemptions; 12b-1 commissions; certificates; TA2000

Voice; and net asset value (NAV). Public offering prices (POP) are used in lieu of

NAVs.

Closed End Funds

The following processes are not applicable to Closed End Funds: NSCC transactions;

checkwriting redemptions; FAN Web, Vision and TA2000 Voice transactions*;

commission calculations; and systematic transactions.

*TA2000 Voice can be used to obtain account balance information.

Mutual Fund Transaction Channels

This section provides a description of the major transaction types and the workflow

environment within which the transactions were processed during the period October

1, 2009 to September 30, 2010.

Transaction Descriptions

Brief descriptions of the various types of transactions performed within the DST

transfer agent environment are presented below. Transactions can be received from

the shareowner or from the client or intermediary.

Review of Transaction Systems 35


New Account Set-Ups A new account set-up (NASU) transaction is performed to

establish a shareowner account on the recordkeeping system.

Purchases There are three common methods of purchasing shares:

Direct Purchases Direct purchases are written requests to purchase fund sponsor

shares funded by check or wire for same-day settlement.

Confirmed Purchases Confirmed purchases are those purchases received and

processed for settlement at a later time (not to exceed three business days) and

funded by check or wire.

Systematic/Automated Clearinghouse (ACH) Purchases The systematic/ACH

method allows shareholders to make periodic purchases through an automatic

draft drawn against the shareowner‟s bank account. Systematic/ACH purchases

are automatically applied to the shareowner account on the recordkeeping system

via the systematic purchase functionality. Systematic/ACH processing parameters

(for example, timing and amount) are established or modified through the NASU

and/or maintenance processes.

Redemptions There are five different methods of redeeming shares:

Direct Redemptions Direct redemptions are requests for the liquidation of shares

disbursed in the form of a check or wire for same-day settlement.

Confirmed Redemptions Confirmed redemptions are those redemptions

received and processed for settlement at a later time (not to exceed three business

days) and disbursed via check or wire.

Systematic/ACH Redemptions The systematic redemption and ACH methods

allow shareowners to receive periodic cash payments from their accounts.

Systematic/ACH redemptions are automatically applied to the shareowner account

on the recordkeeping system via the systematic functionality. Systematic

processing parameters (for example, timing and amount of redemption) are

established or modified through the NASU and/or maintenance processes.

Expedited Redemptions An expedited redemption allows a shareowner to send

the proceeds to a bank account, using pre-established bank account instructions,

via wire the same day or the next day, depending on the privileges allowed by the

client and the timing of the request.

Checkwriting Redemptions Checkwriting redemptions are redemption requests

made using drafts associated with the shareowner‟s account. The drafts are

directly received and processed by the custodian bank. This option is established

as part of the NASU and/or maintenance process.



Exchanges An exchange allows for the movement of money between identically

registered accounts in different funds within the same client. The telephone exchange

privilege is established during the NASU and/or maintenance processes. Exchanges

may also be established systematically. Systematic exchanges are automatically

applied to the shareowner account on the recordkeeping system in the systematic

functionality. Systematic processing parameters (for example, timing, amount and

funds to be exchanged) are established or modified through the NASU and/or

maintenance process.

Transfer of Shares A transfer of shares is a request to move shares to an account

with a different registration within the same fund.

Transfer of Assets A transfer of assets is the movement of money into or out of an

individual retirement account (IRA), qualified retirement plan, or another retirement

vehicle.

Adjustments Adjustments principally represent error corrections.

Maintenance A maintenance transaction represents a change to shareowner records

(for example, address, name, or account feature changes).

Correspondence Correspondence represents communication to the shareowner or

shareowner representative regarding shareowner inquiries or transaction processing.

National Securities Clearing Corporation (NSCC) Support Services

Broker Dealers transmit transactions daily via the NSCC Fund/SERV system directly

to TA2000. The Broker Dealers utilizing the NSCC are responsible for ensuring

transactions are processed in accordance with the required mutual fund cutoff time.

Transaction System Processing Controls

This section provides an introduction and brief description of the control activities

over the transaction processing for Remote clients. The control activities that help

achieve the control objectives outlined in Chapter II: DST‟s Control Objectives,

Controls and Tests of Operating Effectiveness of TA2000 Remote Operations

Transaction processing Controls consist of the following:

Systematic control activities and procedures (programmed into TA2000, TA2000

Subaccounting and TRAC).

Operational procedures performed by certain DST Output locations - Control

objectives 6 and 7 in Chapter II contain the control activities specific to DST

Output. Testing of the control activities took place at the following DST Output

locations:

o DST Output – Kansas City

o DST Output – Hartford



Six broad categories were identified by DST management as necessary to achieve an

acceptable level of control over processing:

Only authorized transactions are processed.

Authorized transactions are processed accurately and recorded in a timely manner.

Transaction activity is reconciled.

Access to TA2000 system terminals is systematically restricted.

Printed output is processed accurately and completely.

Negotiable instruments are properly safeguarded.

TRAC This section provides an introduction and brief description of the control activities

over the transaction processing for the Total Retirement Accounting Capabilities

(TRAC) product.

Management Set-Up and Controls TRAC merges the financial institution‟s

business strategy, IRS rules and plan specific requirements to help ensure

transaction processing is valid within those parameters.

Multiple Investment Options TRAC supports systematic trading of mutual

funds, company stock and insurance products like annuities, life insurance policies

and Guaranteed Interest Contracts (GICs). These investment options support the

growing demand for additional investment opportunities that may be outside of the

financial institution‟s investment product line.

Transaction Processing TRAC provides clients with single entry, systematic

validation and systematic integration of all transaction processing. In addition,

trading and reconciliation of assets and checks are systematically performed on a

daily basis. This functionality is provided for all investment options plans made

available to their participants.

Because TRAC is integrated with AWD, DST‟s image-enabled work management

system, DST enables efficient transaction processing by automating distribution of

work, releasing payroll contributions upon receipt of funding and corresponding with

entities associated to a plan.

Communication Retirement plans require communication with participants,

plan sponsors and a number of plan intermediaries. TRAC supports this need by

making information available to all parties via the internet, voice response system

and traditional reporting. In addition, TRAC helps the financial institution manage

the different business relationships by associating and maintaining information

about each plan intermediary and participant. All information is available at the

touch of a button. TRAC produces customized participant statements and provides

comprehensive support for marketing, compliance testing, plan administration, tax

reporting and employer and participant servicing.



Seamless Interfaced Processing TRAC interfaces with TA2000. Daily participant transaction processing establishes and accesses investment accounts in the mutual fund system during nightly processing. All TRAC processing utilizes the same transaction reason codes of TA2000 and updates all TA2000 reports. The flexibility and reporting capabilities of TA2000 continue to exist with TRAC.

Daily Valuation TRAC is a daily valuation system providing daily account balance information for mutual fund, GIC and insurance investments. Each day all participant records reflect a participant‟s most current information. TRAC helps avoid interfacing and reconciliation issues which are inherent on non-integrated systems. For outside investment vehicles, TRAC relies on client-provided pricing and valuation information. Clients are responsible for ensuring that transaction reporting and daily valuation information is accurate and input on a timely basis.

Integrated Fund Balancing As a result of full integration with TA2000, TRAC processing provides daily updates to the fund movement supersheets provided by TA2000 to assist in fund balancing and daily money movement. Supersheet reports are used daily to control cash flow and money movement from deposit and custody accounts.

Takeover Support Complete automated online and batch load takeover capabilities are offered through the Plan Conversion facility within TRAC. Reconciliation/Balancing of conversion detail is accomplished through the generation of a conversion trial balance. The conversion trial balance reports participant allocations based upon converted valuations, prior recordkeeper gain/loss and holding account interest accrued.

Voice Response Participant-level voice response capabilities provide plan participants access to inquiry information regarding investment elections, portfolio balance, withdrawal availability, loan balances along with payoff calculations, price/yield quotations and personal identification number security, as well as transaction processing capabilities.

Flexible Statement Design TRAC utilizes a pre-processor to schedule, select, format and distribute plan participant statements in a timely, efficient process created around individual client needs. Features include flexible document formats, selective inserting capabilities and custom finishing services.

Automated Reconciliation TRAC is fully integrated with TA2000 Comp/Recon. TRAC and Comp/Recon integration gathers participant and plan, deposit, disbursement and bank information to automate TRAC with Comp/Recon to perform the following:

o Comparison and reconciliation of TRAC internal mutual fund and outside

investment vehicle information with bank information.

o Reconciliation of the transfer agency‟s demand deposit accounts (DDA).



TRAC Web TRAC Web provides participants, plan sponsors and third-party administrators‟

convenient, self-servicing internet access to retirement plan information in a real-time

environment.

TRAC Web Participant This participant-level web application offers plan

participants access to both inquiry and transaction capabilities including portfolio

balance, current investment elections, plan and participant models, exchanges,

loans, distributions and transaction history.

TRAC Web Plan Sponsor This application offers both plan and participant-

level information to plan sponsors and other entities associated with plan

administration. Inquiry and administrative functionality includes plan assets,

participant assets, payroll processing, participant add/update, file import, reports,

distribution review, compliance information and query capabilities on plan and

participant data.

TRAC Web Broker Dealer Plan and participant inquiry capabilities are

integrated into the Vision web application for financial intermediaries.

Functionality includes plan assets, participant assets and reports.

TRAC continues to be enhanced with additional functionality to meet the needs of

DST‟s existing client base and those of the defined contribution marketplace.



User Control Considerations

DST's control activities were designed with the assumption that certain controls would

be implemented by user organizations. In certain situations, the application of specific

controls at user organizations is necessary to achieve certain control objectives

included in this report.

This section describes additional controls that should be in operation at user

organizations to complement DST's control activities. Clients and their user auditors

should consider whether the following controls are relevant and/or have been placed

in operation at user organizations:

Instructions and information provided to DST from its clients are in accordance

with the provisions of the agreement with DST or other applicable governing

agreements or documents between DST and its clients. In addition, the transfer

agent client is responsible for ensuring appropriate controls are in place regarding

cutoff at their distributors and authorized intermediaries.

Sufficient controls over physical and logical access to DST systems via terminals

at client locations should be established, monitored and maintained by DST

clients.

Timely written notification of individuals authorized to instruct DST on behalf of

the clients and any changes in that authorization should be communicated to DST.

Sufficient controls should exist at the client‟s operation to verify that instructions

are authorized and in compliance with regulatory and client requirements.

Timely review of reports of account balances and related shareowner services

activity provided by DST should be performed by the clients.

Clients are responsible for the establishment of the tax-reporting matrix within

TA2000.

Compliance with Blue Sky requirements is the responsibility of DST clients.

Clients are responsible for the establishment of a master file of dealers who are

authorized to receive commissions.

In order to determine the amounts and transactions are identified, recorded and

accumulated properly and that the proper tax forms are produced, DST

encourages its clients to participate in a mock tax-reporting run. Any problems

associated with the tax-reporting process can then be resolved in a timely manner.

The client is responsible for information integrity when the transmission or tape

media is transmitted directly from the client.

Clients are responsible for establishing and maintaining controls over ADTRANS

processing.

User Control Considerations 41


Clients are responsible for determining security parameters (PIN composition,

lockout features) and functionality for FAN Web/TRAC Web/Vision/TA2000

Voice transactions, based on DST- established minimums.

TA2000 Subaccounting customers are responsible for utilizing reports available

from TA2000 and TA2000 Subaccounting to reconcile activity between the

Broker Dealer system, TA2000 Subaccounting and TA2000 to ensure transactions

were processed completely and accurately.

TA2000 Subaccounting customers are responsible for establishing guidelines that

limit account administration (operator) access by DST personnel. Customers

should determine what activities will be performed by DST and establish access

policies that appropriately restrict system access.

All TA2000 Subaccounting account administration activity is logged and a report

of activity is provided to clients daily for their review. This report should be

reviewed to ensure all activity is appropriate and in accordance with established

policies and guidelines.

Information relating to TA2000 Control and Exception Reports, TRAC Control

Reports and AWD Queries can be obtained either through the DST Customer

Center website or the client‟s respective client service representative.

For confirmed purchases or redemptions, which are rejected due to a lack of

specific information or lack of payment, clients are responsible for a follow-up

with brokers. This follow-up may be performed by DST at the client‟s request.

Clients are responsible for reviewing and following up on transactions listed on

the Daily "As-of" Accountability Report.

Clients are responsible for reviewing and following up on wire redemption control

reports including the daily balancing and reconciliation functions.

The list of user control considerations presented above and those presented with

certain specified control objectives do not represent a comprehensive set of all the

controls that should be employed by user organizations. Other controls may be

required at user organizations.

Chapter II:

DST’s Control Objectives, Controls and Tests of Operating

Effectiveness of TA2000 Remote Operations Transaction

Processing Controls

TA2000 Remote Operations Transaction Processing Controls 45


DST’s Control Objectives, Controls and Test of Operating Effectiveness of TA2000 Remote Operations Transaction Processing Controls

DST management has specified certain control objectives that it believes are relevant

to its clients and their auditors and has identified its control activities in place to

achieve those objectives.

Twelve control objectives have been identified and are grouped into three major

functional areas, which are as follows:

TA2000 Transaction System Processing Controls

1. Controls provide reasonable assurance that transactions are authorized.

2. Controls provide reasonable assurance that transactions are processed accurately,

timely, properly recorded in the shareowner accounts and properly updated to the

system.

3. Controls provide reasonable assurance that corporate actions transactions are

properly authorized and accurately recorded in a timely manner.

4. Controls provide reasonable assurance that transaction activity is reconciled.

5. Controls provide reasonable assurance that access to the TA2000 system terminals

is systematically restricted.

6. Controls provide reasonable assurance that printed output is processed accurately

and completely.

7. Controls provide reasonable assurance that negotiable instruments are properly

safeguarded by DST Output.

TA2000 Subaccounting Transaction System Processing Controls

8. Controls provide reasonable assurance that TA2000 Subaccounting transactions

are aggregated completely and accurately processed.

TRAC Transaction System Processing Controls

9. Controls provide reasonable assurance that TRAC transactions are processed

accurately and timely.



10. Controls provide reasonable assurance that TRAC transactions are processed at

the proper price based on system input.

11. Controls provide reasonable assurance that TRAC transactions activity is

reconciled.

12. Controls provide reasonable assurance that access to the TRAC application is

systematically restricted.

PwC has determined the nature, timing and extent of testing to be performed in order

to determine if control activities specified by management are operating effectively.

DST‟s control activities and PwC‟s results of operating effectiveness are detailed in

the following chapter. Further information on testing performed by PwC can be found

in Chapter IV.

TA2000 Transaction System Processing Controls 47


TA2000 Transaction System Processing Controls

Authorization 1. Controls provide reasonable assurance that transactions are authorized.

Control Activities Tests Applied Results of Testing User Control Considerations

1.1 Access to TA2000 Voice, FAN Web,

TRAC Web and Vision is restricted with the

use of an individual account and Personal

Identification Number (PIN) unique to each

account/broker as applicable. TA2000 Voice,

FAN Web, TRAC Web and Vision restrict

participant access via voice authentication

and/or PIN entry. If TA2000 Voice is unable

to match the caller‟s voice with a valid

participant voice print, the caller is

systematically required to enter a PIN. After

a preset number of PIN entry errors, TA2000

Voice automatically disables the PIN and

transfers the participant to a service

representative. After a preset number of PIN

entry errors, FAN Web, TRAC Web

(Participant and Plan Sponsor) and Vision

will not allow processing on the specified

account.

Reperformance Utilized an ITF

to test TA2000 Voice, FAN Web,

TRAC Web and Vision for use of

voice prints, PINs and PIN entry

error processing.

No relevant exceptions

noted.

The user is responsible for

establishing:

Security parameters

for TA2000 Voice,

FAN Web, TRAC

Web, and Vision

based on DST-

established

minimum standards.

Maximum amount of

dollars to be

redeemed/exchanged.

The types of

transactions allowed by

TA2000 Voice, FAN

Web, TRAC Web, and

Vision from the

available choices.

Procedures to review

applicable control and

exception reports.





1.2 A shareowner master account must

exist on TA2000 before redemption

transactions will be allowed to process.

TA2000 displays the master file information

upon entry of the fund and account number.


to attempt to process a redemption

on a non-existent account and to

determine proper rejection of the

transaction.


noted.


questioning the account

information received from

the shareowner when the

name on the documentation

or on the digitized optical

image does not match the

name on the master file.

1.3 At the fund‟s option, ADTRANS

journals may be generated when ADTRANS

are processed on TA2000.

Inquiry Inquired of TA2000

management as to operating

procedures surrounding generation

of ADTRANS journals and

processing of ADTRANS

transactions.


noted.


establishing appropriate

fund options. Due to the

lack of a shareowner

history record, user

controls, including the

following, are required to

control ADTRANS

processing:

Restricting access to

ADTRANS

ADTRANS approval

Review of ADTRANS

journals





1.4 Programs for TA2000 nightly

transaction processing generate shareowner

account confirmations containing the

transaction details. The confirmations are

mailed directly to the shareowner and can be

suppressed within TA2000. For changes of

address, a fund option exists to send a change

of address notification to the old address and

a confirmation to the new address. When a

certificate is issued to an address other than

the address of record, a confirmation is sent

to the address of record and the certificate,

acting as a confirmation, is sent to the special

address.


to generate confirmations for test

transactions including redemption,

purchase, transfer, exchange,

address change and certificate

issuance to an address other than

the address of record, for evidence

of generation in accordance with

transaction details. Additionally,

utilized an ITF to verify that

confirmations can be suppressed.


noted.

System controls are

designed to detect

unauthorized

transactions. User

controls are necessary to

provide assurance that

entry or submission of

unauthorized

transactions to the

system is prevented.

Additionally, controls

are necessary to ensure

that confirmations are

mailed directly to the

shareowner independent

of the transaction

processing areas.

1.5 Transmitter IDs are used to verify

access to the correct fund for each TA2000

bulk transmission. Transmissions with

invalid transmitter IDs are rejected.

Transmissions are received either on

dedicated transmission lines or on dial-up

lines.

Reperformance Utilized a test

environment to submit a bulk

transmission with an invalid

Transmitter ID to verify the ID

was rejected by the TA2000

system.


noted.

The user is responsible

for correcting rejected

bulk transmissions and

ultimately resubmitting

the bulk transmission.



Accuracy and Timeliness 2. Controls provide reasonable assurance that transactions are processed accurately, timely, properly recorded in the

shareowner accounts and properly updated to the system.


2.1 Certain information is required for

establishment of an account. Without such

information TA2000 will not allow

processing. This includes:

Name

Address

ZIP Code

Social Code

State or Country Code

Tax ID Code/TIN Code

TA2000 verifies that the zip code in the

address is a valid zip code for the state code

entered.


to establish a new account to test

the operation of the online editing

and formatting routines.


noted.


for reviewing transaction

processing and the

appropriate TA2000

exception reports to

ensure propriety of

information entered.

2.2 During information input, online

formatting and editing routines are

performed. Edit tests for the validity of such

items as fund code, shareowner account

number, check number, management code

and status are performed by TA2000.


to test that online editing and

formatting routines are performed

by the TA2000 system.


noted.



processing and the

appropriate TA2000


ensure propriety of




2. Controls provide reasonable assurance that transactions are processed accurately, timely, properly recorded in the



2.3 FAN Web, Vision, TA2000 Voice and

TRAC Web do not allow the participant to

modify account registration information. In

addition, the amount allowed to be redeemed

or exchanged via FAN Web, Vision,

TA2000 Voice or TRAC Web can be limited

at the fund level.


to test FAN Web, Vision, TA2000

Voice and TRAC Web for

evidence that modification of

account registration is not allowed.

Additionally, utilized an ITF to

verify transaction limits

established at the fund level are

enforced.


noted.


establishing:

Security parameters for

TA2000 Voice, FAN

Web, TRAC Web, Vision

based on DST-

established minimum

standards.

Maximum amount of

dollars to be

redeemed/exchanged.

The types of transactions

allowed by TA2000

Voice, FAN Web, TRAC

Web, Vision from the

available choices.



exception reports.

2.4 Establishment of new accounts on

TA2000 is performed on a real-time basis.


to establish a new account and

verified the new account was

established on the TA2000 system

on a real-time basis.


noted.



quality controls over

shareowner maintenance.






2.5 A Voluntary Maintenance Journal and

a General Journaling Facility Report are

created out of TA2000 nightly processing

which shows, for fields changed on the

shareowner master and fiduciary file, the

value of the field before the change. An

online history of shareowner master file

maintenance is available.


to process a change to the

shareowner master to verify

appropriate posting to the

Voluntary Maintenance Journal

and proper inclusion on the online

history of the shareowner master

file maintenance. Additionally,

utilized an ITF to process a change

to the fiduciary file to verify

appropriate posting to the General

Journaling Facility. Verified for

fields changed on the shareowner

master and for fields changed on

the fiduciary file the reports listed

the value of the fields before the

change and after the change.


noted.


reviewing maintenance

journals for accuracy and

completeness.






2.6 Edits exist within TA2000 to validate

that the fund's new price/rate equals the

previous day's price/rate plus/minus the net

change transmitted. TA2000 maintains a

Daily Price File which contains prices for

each fund. Both sides of exchanges are

priced at the same time to assure the proper

prices are used. The use of batch totals for

purchase and redemption input provides

assurance that the dollar amount of the

individual transactions is correct.


to test that online edit and

validation routines surrounding

fund pricing are performed by the

TA2000 system. Additionally,

utilized an ITF to generate test

exchange transactions to determine

that both sides of the transaction

are appropriately priced.


noted.


for entering all prices,

reviewing the available

TA2000 reports and

ensuring the correction

of any prices not

properly entered.

Additionally, the user is

responsible for

investigation and reentry

of exchanges which are

rejected during nightly

processing. Such items

are listed on the Daily

Transaction Work File

Deletions Report.






2.7 TA2000 converts dollars to shares and

maintains account balances in shares.

TA2000 generates a Daily Price Update

report which lists prices entered. TA2000

will not process any transactions without a

current price for the fund for that trade date.

TA2000 produces a Consolidated Error

Report showing items rejected because of no

price.


to generate test transactions for

evidence that the TA2000 system

appropriately converts dollar based

transactions to shares during

nightly processing and maintains

accounts in shares. Also utilized an

ITF to generate test transactions

entered without a daily price file to

determine that the TA2000 system

appropriately rejected the

transactions and posted them to the

Consolidated Error Report.


noted.


for:

Entering all prices

initially.

Reviewing the error

reports.

Reentering any

prices that were not

correctly entered.






2.8 TA2000 online edits prohibit an

individual redemption, transfer, exchange, or

certificate issuance transaction if it is greater

than the current shareowner balance. A fund

option exists on TA2000 to age shares

purchased for a specified number of days to

allow proceeds to clear the banking system. If

a redemption or exchange is attempted for

more than the collected balance, an online

warning message will display and require an

override to process the redemption. If an

override is processed, TA2000 produces a

Premature Share Removal Report.


to process a redemption, transfer

and exchange in excess of the

collected account balance and non-

certificate share balance, to verify

rejection of the transactions and/or

operation of the online edit

routines, as applicable.


override a redemption in excess of

the collected balance to verify

posting of the override to the

Premature Share Removal Report.


noted.

User controls for

handling online

collected balance

warning messages are

required to enforce

minimum holding

period requirements.

The user is also

responsible for


fund options and for

reviewing redemptions

on the Premature Share

Removal Report.






2.9 TA2000 prevents the processing of

other redemption requests in excess of the

account balance on the same day that a wire

redemption is made.


to process a redemption on the

same day that a wire redemption

was made to verify rejection of the

transaction.


noted.

User activities or

controls are required to

provide control over the

transmittal of wire

redemption proceeds.

2.10 The transfer and exchange facilities

require the input of all accounts affected by

the transaction. TA2000 will not accept the

transaction without account information for

all accounts affected.


to test the transfer and exchange

online edit routines to verify

TA2000 requires account

information for all accounts

affected by the transaction.


noted.

Rejected transactions

would show on either the

Daily Transaction Work

File Deletions Report or

Daily Update Error

Listing Report. The user

is responsible for

monitoring the

referenced reports and

for investigating and

correcting any rejected

transactions.






2.11 Transaction records are created out of

TA2000‟s nightly processing reflecting share

and/or cash transactions to shareowner

accounts. If a transaction is cancelled, a

record is created which reverses the effect of

the original transaction and the original

transaction is retained.


to process a purchase, exchange,

redemption, dividend adjustment

and cancellation transaction and

verified each transaction was

appropriately posted to the

transaction record. Additionally,

verified the original transaction

was retained after a cancellation

was processed.


noted.


for investigation and

resolution of

transactions requiring

cancellation and for

determining that such

transactions are

ultimately appropriately

processed.

2.12 Once established in TA2000, each

systematic transaction is automatically

executed on the date(s) specified by the client

or the shareowner.


to establish a systematic purchase,

a systematic redemption and a

systematic exchange to determine

that the transactions were executed

on the appropriate days and at the

correct amount.


noted.


for establishing dates to

run and types of

privileges to allow.

Also, the user is

responsible for

establishing and

maintaining systematic

instructions from

shareowners.






2.13 TA2000 edits ensure that certificate

transactions cannot be processed outside the

account values. Certificate transactions

update the certificate file on TA2000, which

shows deposited/cancelled, issued, stopped

and voided certificates.



procedures surrounding the

processing of previously

cancelled/stopped certificates as

well as the processing of

certificates outside of account

values.


to issue and deposit certificate

transactions to verify that TA2000

edits ensure that certificate

transactions cannot be processed

outside of the account values.

Additionally, as the certificate

status was changed, verified the

certificate file on TA2000 was

appropriately updated to reflect the

status change.


noted.


for reviewing

transaction processing

to ensure propriety of







2.14 TA2000 allows processing “as-of” a

trade date which is different from the current

date. TA2000 requires the user to enter a

reason code for these items. Such

transactions are listed on the Detail Daily

"As-of" Report.


to process a transaction “as-of” a

trade date which was not the

current date to verify TA2000

required the entry of a reason code.

Additionally, reviewed the Detail

Daily “As-of” Report to verify the

transaction posted.


noted.

User controls should


the proper trade date is

indicated on the

supporting

documentation and that

such date is entered into

the system. The user is

also responsible for

timely entry of such

transactions. Lastly, the

user is responsible for

reviewing reason codes

assigned to transactions

and the transaction

detail listed on the

Detail Daily "As-of"

Report for propriety.

2.15 Batch transmissions submitted to

TA2000 are systematically processed during

nightly routines.


to process various transaction

types to verify that sources/batches

submitted to TA2000 are

processed in the current nightly

process.


noted.


for the input of the

daily price and/or daily

dividend rate before the

nightly batch process

commences.






2.16 TA2000 systematically assigns the

best possible price the shareowner is entitled

to receive (i.e. breakpoint level, cumulative

discount) using the information provided on

the trade.


to process purchase transactions to

verify that TA2000 assigned the

appropriate price based on

breakpoint levels and cumulative

discounts.


noted.


for ensuring the

shareowner accounts are

appropriately linked to

the proper breakpoint

schedule and cumulative

discount categories.

2.17 TA2000 Voice confirms each

transaction requested by the caller verbally,

allowing the caller to verify entered

information and cancel the transaction if an

error is made.


to process a transaction to verify

that TA2000 Voice confirmed the

transaction, allowing the caller to

verify information entered and

cancel the transaction if an error is

made.


noted.


for establishing:

Security parameters

for TA2000 Voice

based on DST-

established minimum

standards.

Maximum amount of

dollars to be

redeemed/exchanged.

The types of

transactions allowed

by TA2000 Voice

from the available

choices.



exception reports.






2.18 FAN Web, TRAC Web and Vision

confirm transactions online allowing the

shareowner/broker to verify the information

entered and cancel the transaction if an error

is made.


to process a FAN Web, TRAC

Web and Vision transaction to

verify that FAN Web, TRAC Web

and Vision confirmed the

respective transactions online;

thereby allowing the

shareowner/broker to verify the

information entered and cancel the

transaction if an error was made.


noted.


establishing:

Security parameters

for FAN Web, TRAC

Web, Vision based on

DST-established

minimum standards.

Maximum amount of

dollars to be

redeemed/exchanged.

The types of

transactions allowed

by FAN Web, TRAC

Web, Vision from the

available choices.


applicable control

and exception

reports.






2.19 Statements are generated and mailed

to the address of record confirming

systematic transactions. Systematic

transactions receive either a daily

confirmation or a monthly or quarterly

statement detailing the prior time period‟s

activity.


to establish and process systematic

transactions to verify that

confirmations were generated and

mailed to the address of record

once the systematic transactions

had been executed.


noted.

Not applicable.






2.20 New accounts, commission rates at

the fund level and the commissionable share

option must be established in TA2000.

TA2000 calculates the appropriate

commission amounts, including exchange of

“free” and commissionable shares, based on

inputs to the system.


to evidence accurate calculation of

commission amounts by the

TA2000 system, including

exchange of “free” and

commissionable shares.


noted.


assigning the correct

broker to the shareowner

master account, assigning

any default numbers for

unidentified brokers and

ensuring the correct broker

number is input when

submitting trades through

the order processing

system. The user is

responsible for

establishing the

commission rates and any

letter of intent or

cumulative discounts on

the master files.

2.21 TA2000 also maintains

commissionable share amounts and

determines if commissions have already been

paid for shares being exchanged and, if

appropriate, adjusts the exchange transaction.


to determine that TA2000

maintains commissionable share

amounts and determines if

commissions have already been

paid for shares being exchanged

and, if appropriate, adjusts the

exchange transaction.


noted.


reviewing price error

reports, correcting any

transactions rejected and

ensuring adjustments made

by the system were proper.






2.22 Clients must authorize the dealers to

which commissions are to be paid.

Authorized dealers are assigned a code in the

TA2000 Financial Institution Database for

commission processing. Shareowners provide

instructions regarding specific dealers for

their accounts. Changes to this designation

are provided by confirmation to the address

of record. Once assigned to an account,

specific dealer information is used for

subsequent purchases and the payment of

associated commissions. TA2000

systematically calculates the 12b-1

commission payout amount for each dealer.

Additionally, online edit and validation

routines surrounding commission processing

are performed by the TA2000 system.


management to ensure that

changes to the dealer designation

are provided by confirmation to

the address of record.

Additionally, inquired of TA2000

management as to the operating

procedures surrounding

commission check processing,

commission payments and

adjustments to the Dealer Master

File.


to process exchange and purchase

transactions to verify that

shareowner accounts, when

established, have specific dealer

information used for subsequent

purchases. Additionally, verified

that online edit and validation

routines surrounding commission

processing are performed by the


noted.


assigning the correct

broker to the shareowner

master account, assigning

any default numbers for

unidentified brokers and

ensuring the correct broker

number is input when

submitting trades through

the order processing

system.






2.22 (continued) TA2000 systems. Utilized an ITF

to process a purchase transaction

with a commission from a valid

discount category and verified the

system correctly calculates the

commission. Also, utilized an ITF

to change the dealer on an account

to verify a confirmation was

generated. Utilized an ITF to

process a 12b-1 commission

payment to confirm the payout

was calculated accurately.

2.23 TA2000 charges a fee based on the

establishment of fund thresholds designating

a short term trade.


to process redemption transactions

to verify that redemption fee on a

short term trade fees were

accurately calculated and applied

by the TA2000 system in

accordance with operating

procedures.


noted.



fund thresholds.






2.24 TA2000 system routines ensure that

fund fees (i.e. front end loads and/or CDSCs)

are appropriately assessed and accurately

calculated. Additionally, shares are converted

to other share classes by the TA2000 system

in accordance with system settings.



procedures surrounding front-end

loads and CDSC processing.


to process exchange, purchase and

redemption transactions to verify

that front-end loads, CDSCs and

redemption fees were

appropriately assessed, accurately

calculated and applied by the

TA2000 system in accordance

with operating procedures.


process exchange and redemption

transactions to verify that shares

were converted to other share

classes in accordance with

operating procedures.


noted.


selecting whether the

commission should be

taken at gross, net, or

special (waived). The user

is responsible for

reviewing the Sharelot

Reporting Redemption

Journal and the Sharelot

Reporting Redemption at

Special Journal to ensure

propriety of information

processed. The user is

responsible for

establishing and

maintaining shareowner

master files, front-end

loads, CDSC fees and

share class conversion

setting within the TA2000

system.






2.25 NSCC transactions and other bulk

transmissions are received by TA2000 in

batches with either batch header or trailer

information containing the total number of

accounts and shares and/or dollars. These

totals are verified by TA2000 after each

transmission. If the calculated totals and the

trailer records do not agree, the transmission

is rejected.

Reperformance Utilized a test

environment to submit a bulk

transmission to verify that

header/trailer totals are

systematically verified by TA2000

after each transmission.


noted.


establishing batches with

either batch header or

trailer information for

verification. Additionally,

the user is responsible for

controlling the validity of

individual transactions

comprising the bulk

transmission, for

submitting bulk

transmissions on a timely

basis and for ensuring that

all rejected items are

reprocessed. The user is


balancing the bulk

transmission details to the

header/trailer record prior

to transmission to DST.






2.26 TA2000 calculates tax withholdings

based on system inputs entered by the

processor.


to ensure TA2000 accurately

calculated the tax withholding

amount based on system inputs.


noted.

Not applicable.

2.27 For updated check items, TA2000

edits ensure that the current status of a check

is validated when the status of a check is

updated to voided, stopped, or reissued.

Observation Observed the

designated TA2000 Facility used

to update the status of checks after

proper authorization.


noted.

Not applicable.

2.28 The TA2000 system generates the

Production Funds Not Priced Current Day

Report and the Daily Dividend Live Funds

Without Rates Report identifying funds that

did not receive a price/rate for the current

day.


to determine that the TA2000

system accurately generates the

Production Funds Not Priced

Current Day and the Daily

Dividend Live Funds Without

Rates reports identifying any funds

that did not receive a price or rate.


noted.


review and follow up on

the Production Funds Not

Priced Current Day Report

and the Daily Dividend

Live Funds Without Rates

Report.



Corporate Actions - Authorization, Accuracy and Timeliness 3. Controls provide reasonable assurance that corporate actions transactions are properly authorized and accurately

recorded in a timely manner.


3.1 For daily dividend funds, the TA2000

system automatically computes any dividend

adjustments resulting from “as-of”

transactions and produces a report of those

transactions and resulting dividend

adjustments. A decrease dividend adjustment

will be rejected if there are insufficient shares

in the account. If dividend adjustments are

not posted, they appear on the Daily Update

Error Listing. For non-daily dividend funds,

the TA2000 Record Date Journal is produced

which shows any “as-of” transactions with a

trade date prior to any previous record date.

TA2000 requires the entry of the current

day‟s rate and the net change from the prior

day. If the prior rate plus or minus the net

change does not equal the current rate,

TA2000 will not accept the rate.

The TA2000 Daily Update Error Listing is

generated and transmitted to the fund‟s


management regarding decreased

dividend adjustments and the

rejection of such adjustment if

there are insufficient shares in an

account.


to process a dividend on a daily

dividend fund for evidence of the

accurate calculation of the

dividend by TA2000.


test that online edit and validation

routines surrounding dividend

processing are performed by

TA2000. Also, utilized an ITF to

process dividend adjustments for

evidence of proper posting to the

shareowner account. Lastly,

utilized an ITF to process


noted.



fund options and for review

and follow-up of the Daily

Update Error Listing

Report. For daily dividend

funds, it is the user‟s

responsibility to post any

dividend adjustments to the

shareowner accounts not

posted by the system. For

non-daily dividend funds,

the user is responsible for

calculating the amount of

the dividend adjustment

using the Record Date

Journal and posting the

adjustment to the account.

The user is also responsible

for establishing the proper



3. Controls provide reasonable assurance that corporate actions transactions are properly authorized and accurately



3.1 (continued)

portfolio accountants. This report includes

the daily dividend accrual, month to date

accrual and the number of record date shares.

transactions (purchase,

redemption, etc.) adjustments for

evidence that system generated

adjustments were appropriately

calculated and posted to the

shareowner account.

options for accruals and

payments of dividend

funds.






3.2 For non-daily dividend funds,

TA2000 will not calculate a dividend unless a

dividend calculation flag is set. Once set, the

dividend is calculated for each shareowner

account eligible for that record date and

subsequently posted to the shareowner

account.


to process a dividend to verify

accurate calculation and posting by

the TA2000 system during nightly

processing and the operation of

online edit and validation routines.


noted.


entering dividend

calculation information,

turning on and subsequently

removing the calculation

flag and scheduling the

processing of the dividend

with DST.

3.3 For non-daily dividend funds, a

dividend calculation record exists which

contains the dividend rate and appropriate

dates. The Dividend Calculation program

performs individual extensions and total

accumulations.


to process a dividend on a non-

daily dividend fund for evidence of

appropriate calculation of the

dividend by the TA2000 system.


noted.


setting the calculation flags

for the system to compute

the dividend and

communicating to DST the

need to schedule the

dividend to be processed.


for balancing the dividend

calculation cycle and

agreeing to the shares

created and cash

distributed.






3.4 The shares related to the “fail” and

“fail-free” files of confirmed purchases and

redemptions are included or excluded from

the dividend calculation, as appropriate, by

TA2000. TA2000 computes a dividend

transaction for each shareowner as of the

record date. This transaction record is posted

to the shareowner‟s account in the next

TA2000 nightly cycle. If a shareowner‟s

account was not posted, the totals for the

fund would not agree to the summation of the

shareowner‟s records. This out-of-balance

condition would be included on the TA2000

Supersheet Audit Report. The Shares

Supersheet Report will show dividends

loaded back and the amount of shares loaded

back (reinvested), which is reconciled to the

Dividend Calculation Report at the time the

dividend was calculated.



accurately computes a distribution

transaction based upon shares as of

a certain record date, which is

posted to the shareowner‟s account

or outstanding order. Utilized an

ITF to process a dividend

subsequent to processing

confirmed transactions to

determine proper posting to the

shareowner accounts.


noted.


reviewing transaction

processing and the

appropriate TA2000

exception reports to ensure


entered. In addition, the

following responsibilities

should also be performed:

Reconciliations, as

described in objective 4,

can detect certain types

of errors made in

processed transactions.


for reconciling the

dividend cycle

processing and

determining propriety

thereof.






3.4 (continued) The user is responsible

for reviewing any out of

balance condition on the

supersheet report and

reconciling dividends

calculated to dividends

posted using the reports

indicated in the TA2000

Control Reports and

TA2000 Exception

Reports sections.

3.5 Daily dividend accruals are calculated

and updated to shareowner accounts by

TA2000 during nightly processing.


to process a dividend to determine

accurate calculation by the

TA2000 system during nightly

processing and proper posting to

shareowner account.


noted.


entering dividend

calculation information,

turning on and

subsequently removing the

calculation flag and

scheduling the processing

of the dividend with DST.






3.6 TA2000 generates reports of wire

redemption activity. The Bank Instruction

Maintenance Journal lists changes to wire

instructions. The Expedited Redemption

Warning Report lists accounts where a

redemption occurred on the same day a

change in wire instructions was performed.


to process an expedited

redemption and a direct

redemption of shares by wire for

evidence of posting on the Wire

Instruction Report for Expedited

Redemptions and Wire Instruction

Reports for Direct Redemptions,

respectively. Additionally, utilized

an ITF to attempt to change wire

instructions on a wire redemption

and to perform a redemption on

the same day a change in wire

instructions was performed to

determine posting to the Bank

Instruction Maintenance Journal

and Expedited Redemption

Warning Report, respectively.


noted.


review and follow up on

wire redemption control

reports including the daily

balancing and

reconciliation functions.



Activity Reconciliation 4. Controls provide reasonable assurance that transaction activity is reconciled.


4.1 The following TA2000 reconciling

procedures are performed during nightly

processing:

Shareowner history records are

accumulated and added to the beginning

share balances on the shareowner master

and reconciled to the ending share

balances on the shareowner master. Any

differences are printed on the Daily Fund

Share Balance Error Listing (only

accounts with exceptions or differences

will appear on the report).

The cumulative ending shareowner

balances are reconciled to the fund total

per the supersheet file. Any differences

are printed on the Supersheet Audit

Report.


to generate test transactions and

determine differences, if any, were

appropriately posted to the Daily

Fund Share Balance Error Listing

and/or Supersheet Audit Report.


noted.



resolution of any out-of-

balance conditions

appearing on exception

reports.





4.2 TA2000 produces a Cash Supersheet

which details cash activity and a Daily

Distribution of Cash report which indicates

the movement of cash needed between

accounts as a result of the current day‟s

activity. In the Same Day Cash Management

(SDCM) environment, cash supersheets,

accurate at a point in time, may be generated

throughout the day to allow for more timely

money movement.


to process cash transactions to


Cash Supersheet and Daily

Distribution of Cash Report, as

applicable.


noted.


for initiating and

controlling cash

movements. The user is


requiring adequate

documentation for

transactions and

reconciling recorded

trades to supporting cash

activity.

4.3 Recorded exchanges are appropriately

included on the TA2000 Daily Distribution of

Cash Report requiring movement of cash and

on the Cash Supersheet.






applicable.


noted.


for reviewing reports and


exchanges.





4.4 Transactions rejected by TA2000 are

listed on various rejected transaction reports.

The TA2000 system produces exception

reports which indicate transactions that have

not been processed in whole or in part.


to process improper trades to

determine posting to the

appropriate exception and warning

reports.


noted.


reviewing and resolving

daily items appearing on

the rejected transaction

reports. The user is also

responsible for reviewing

and resolving with

brokers, items appearing

on daily listings of “fail-

file” activity.

4.5 Confirmed purchases or redemptions,

which are rejected due to a lack of specific

information or lack of payment, are

maintained in the “fail/free file” or the “fail

file,” respectively. The system produces the

Fail/Free Daily Balance Listing Report,

which details confirmed

purchases/redemptions. System edit and

validation routines ensure orders for

confirmed purchases and redemptions are

correct.


to process a confirmed purchase

and redemption lacking specified

information and/or lack of

payment to test system edit and

validation routines for confirmed

purchases and redemptions and

inclusion on the “fail/free file” or

“fail file,” as applicable.


process confirmed purchases to

verify posting to the Fail/Free

Daily Balance Listing Report.


noted.



with brokers items

appearing on daily listings

of “fail file” activity.





4.6 TA2000 allows pre-edit of

checkwriting redemption (CWR) items

received by the bank to determine

acceptability of such items or segregate

individual items for review based on

predetermined criteria (i.e., dollar amount).


management as to the system

infrastructure surrounding CWRs.


noted.


reviewing pre-edit reports.

4.7 Comp/Recon systematically compares

expected bank and fund processing activity to

actual TA2000 processing and bank activity

and identifies exceptions.

Reperformance Validated the

TA2000 Daily Balancing

Verification Summary report

compares TA2000 bank balances

to actual bank balances and

identifies exceptions.


noted.


reviewing identified

exceptions.

4.8 The TA2000 Daily Balancing

Verification Summary Report compares

TA2000 bank balances to actual bank

balances.

Reperformance Validated that

Comp/Recon compares expected

bank and fund processing activity

to actual TA2000 processing and

bank activity and identifies

exceptions, if any.


noted.


reviewing the TA2000

Daily Balancing

Verification Summary

Report.





4.9 A payee different than the shareowner

can be entered. A report identifying

redemptions with special payee is produced.


management as to the system

infrastructure and reporting

surrounding special payees.


noted.




reviewing redemptions

with special payees for

propriety.

4.10 TA2000 maintains a check

reconciliation file for checks written by the

system. TA2000 systematically balances and

compares the outstanding checks detail to the

summary of the outstanding checks on the

check reconciliation system (Comp/Recon)

and posts exceptions to the "Check Activity

Discrepancy Report".


for evidence that an exception

posted to the "Check Activity

Discrepancy Report" when the

outstanding check detail did not

balance with the check

reconciliation system

(Comp/Recon).


noted.


reviewing daily check

activity and reconciling

such activity to TA2000.



Terminal Access – Systematic Restrictions 5. Controls provide reasonable assurance that access to the TA2000 system terminals is systematically restricted.


5.1 Valid user identification numbers and

passwords are required to access TA2000.

Such numbers and passwords are checked

against the security record which allows

access based upon established online

facilities. Passwords must be changed every

30 days. Invalid passwords will suspend the

related ID after a specific number of

attempts. If no activity has occurred for two

hours, the operator is logged off the TA2000

system.

Reperformance Attempted to

gain access to TA2000 using

invalid user identification numbers

and passwords for evidence that

the validation routines

appropriately deny access and that

the ID was suspended after the

specified number of invalid access

attempts.

Utilized the TA2000 system to

verify that passwords must be

changed every 30 days and the

operator was logged off the system

after two hours of inactivity. In

addition, validated that invalid

passwords suspended the related

ID after three invalid login

attempts.


noted.

User activities or controls

are required to achieve

adequate control. User

personnel are responsible

for the following functions

in the security system:

Establishing operator

security records

Defining the accesses

allowed for each

terminal and operator

Controlling the

capability to modify

accesses

Periodically reviewing

the Daily Operator

Update Report to

determine propriety of

changes to individual

operator security records



5. Controls provide reasonable assurance that access to the TA2000 system terminals is systematically restricted.


5.2 An operator security record must exist

in the security file for each operator that is

allowed access to TA2000. The operator

security record can limit access by

management code.

Reperformance Utilized the

TA2000 system to attempt to gain

access to restricted user functions

and management companies within

TA2000.


noted.

User controls are required

to achieve adequate control.

User personnel are

responsible for the

following functions in the

security system:


security records


allowed for each operator

Controlling the capability

to modify accesses


the Daily Operator

Update Report to



operator security records



Printed Output – Accuracy and Completeness 6. Controls provide reasonable assurance that printed output is processed accurately and completely.


6.1 The TA2000 system systematically

produces a data file designating output to be

mailed based on established criteria for

confirmations, statements and negotiables.

DST Output receives the data file through

transmission or upload.

Observation Observed a data

file being produced by the TA2000

system.


noted.

Not applicable.

6.2 DST Output jobs are not released to

production without client approval.

Inspection Inspected a sample of

production orders processed

during the period for evidence of

approval of completeness and

accuracy before the orders were

released.


noted.

Not applicable.



6. Controls provide reasonable assurance that printed output is processed accurately and completely.


6.3 Production orders are systematically

produced for each output job. Work will not

be produced without a production order for

that work. Immediately after printing of a

job, the file is purged from the printer‟s

queue and the system reflects that the job

status is “Printed”.


process performed by the staff to

determine they have received a

valid print production order.

Additionally, observed the print

queue status after printing of a job

and observed a tape being marked

with “PM” for Printed Matters

(tapes are Kansas City only).


noted.

Not applicable.

6.4 The reconciliation of check and non-

check insert production orders is performed

by either the Insert Operator or a

Reconciliation Associate and confirmed by

entering the completed number of pieces into

the system and then logging the order out of

the system to indicate it is closed. Output

associates review the open orders report daily

to research and resolve open orders.

Inspection Inspected a sample

of check and non-check insert

production orders processed

during the period for evidence of

reconciliation in the system.

Additionally, inspected a sample

of open orders for evidence of

resolution in the system.


noted.

Not applicable.



6. Controls provide reasonable assurance that printed output is processed accurately and completely.


6.5 Quality Assurance performs random

quality reviews on check and non-check

production orders at various points

throughout the insert process.

Observation Observed random

quality reviews on check and non-

check production orders at various

points throughout the insert

process.


noted.

Not applicable.



Safeguarding of Negotiable Instruments by DST Output 7. Controls provide reasonable assurance that negotiable instruments are properly safeguarded by DST Output.


7.1 Pre-numbered checks are physically

secured before use in production of

negotiable instruments. Only authorized

Control Clerks pull check stock from

inventory for use in production.

Observation Observed that pre-

numbered checks are physically

secured before use in production of

negotiable instruments.

Inspection Utilizing the list of

associates authorized to perform

check control clerk functions

inspected a sample of check

control logs or negotiable

document request/issuance forms

to verify the check control clerks

that pulled the checks appeared on

the authorization list.


noted.

Not applicable.

7.2 Access to the check signature file is

restricted to authorized personnel.

Inquiry Inquired of

management regarding the

restriction of access to the check

signature file.


noted.

Not applicable.

7.3 Access to check signature files is

segregated from access to physical check

stock.

Inquiry Inquired of

management regarding the

segregation of access to check

signature files and access to

physical check stock.


noted.

Not applicable.



7. Controls provide reasonable assurance that negotiable instruments are properly safeguarded by DST Output.


7.4 Negotiable instruments are physically

secured throughout the production process

once printed with signatures.


physical security of negotiable

instruments throughout the

production process once printed

with signatures.


noted.

Not applicable.

7.5 After each check order has completed

printing, a reconciliation form is completed

which includes the number of check stock

pulled, printed, mutilated and unused.

Additionally, unused and misprinted check

stock is accounted for at the end of each check

printing order and destroyed at the end of each

production work shift.


process for unused and misprinted

check stock, verifying it was

accounted for at the end of each

check printing order and destroyed

at the end of each production work

shift. Additionally, observed the

completion of a reconciliation form

after a check print order was

completed.


completed check production orders

for the test period to verify that

check stock was accounted for

appropriately on the check

reconciliation form.


noted.

Not applicable.

TA2000 Subaccounting Transaction System Processing Controls 87


TA2000 Subaccounting Transaction System Processing Controls

Transaction Accuracy and Aggregation 8. Controls provide reasonable assurance that TA2000 Subaccounting transactions are aggregated completely and

accurately processed.


8.1 Trade transmissions received from the

client brokerage system are filtered through

preprocessing edits to confirm that necessary

information to process the trades is provided

and valid.


to verify that necessary information

needed to process the trades is

provided and valid.


noted.

Not applicable.

8.2 Transactions, received from the

brokerage system, are grouped together by the

TA2000 Subaccounting application based on

established transaction type criteria to create

omnibus transactions. These transactions are

put in an outbound transmission file for

processing and the trades are posted to the

omnibus account.



and verified that trades were

grouped together by the TA2000

Subaccounting application to create

omnibus transactions. Additionally,

verified that transmitted omnibus

trades were posted to the omnibus

account via the brokerage platform.


noted

Not applicable.



8. Controls provide reasonable assurance that TA2000 Subaccounting transactions are aggregated completely and

accurately processed.


8.3 The TA2000 Subaccounting Share

Proof function is used to identify differences

between the omnibus balance and the

TA2000 Subaccounting balance so that

corrective action can be taken by the Broker

Dealer.


to process redemption and

purchase transactions to verify that

the Subaccounting Share Proof

function identified differences

between the omnibus balance and

the TA2000 Subaccounting

balance.


noted.

Not applicable.

8.4 TA2000 Subaccounting transmits

trade confirmations on individual trades back

to the broker‟s system.



to verify that TA2000

Subaccounting transmitted trade

confirmations back to the broker‟s

system.


noted.

Not applicable.

TRAC Transaction System Processing Controls 89


TRAC Transaction System Processing Controls

Transaction Accuracy and Timeliness 9. Controls provide reasonable assurance that TRAC transactions are processed accurately and timely.


9.1 Certain information is required for

establishment of an account, without such

information TRAC will not allow processing.

This includes:

Name

Address

ZIP Code

Social Code

State or Country Code

Tax ID Code/TIN Code

TRAC verifies that the zip code in the

address is a valid zip code for the state code

entered.


to establish a new account to test

the operation of the online editing

and formatting routines.


noted.



processing and the

appropriate TRAC


ensure propriety of




9. Controls provide reasonable assurance that TRAC transactions are processed accurately and timely.


9.2 During information input as a part of

participant setup, online edits are performed

to ensure validity of such items as Plan ID

and Investment Company.


to establish a new participant to

verify that the TRAC system

infrastructure surrounding the

participant setup edit and

validation routines exists as

described herein.


noted.


ensuring that participant

setup processing is

complete and accurate.





9.3 TRAC provides real-time processing

for maintenance activity. In addition to

immediate online review of plan and

participant maintenance information, a

Voluntary Maintenance Journal is created out

of TRAC nightly processing, which shows,

for fields changed on the participant master,

the value of the field before the change.

Participant master maintenance history is also

available for online review and reflects

previous field values.


to establish a new participant and

perform maintenance activity to


infrastructure surrounding real-

time update of system records and

availability of maintenance activity

for online review is accurate as

described herein.

Utilized an ITF to process a

change to the participant master to

verify appropriate posting to the

Voluntary Maintenance Journal

and proper inclusion on the online

history of the participant master

file maintenance. Additionally,

utilized an ITF to process a change

to the fiduciary file to verify

appropriate posting to the General

Journaling Facility. Verified for

fields changed on the participant

master and for fields changed on

the fiduciary file the reports listed

the value of the fields before the

change and after the change.


noted.


reviewing “before and

after” reporting for

control over maintenance

history changes.


reviewing maintenance

journals for accuracy and

completeness.





9.4 Maintenance activity is propagated

through the TRAC facilities to ensure

consistent information across common

information components. Maintenance

activity journals produced in the nightly

processing cycle reflect maintenance

processed on the system, including before

and after values of the fields changed.

Maintenance processing for internal mutual

fund accounts update through the TRAC

nightly processing cycle.


to perform maintenance activity to



posting of maintenance activity to

TRAC and activity journals and

the availability of maintenance

activity for on-line review exists as

described herein.


noted.


for reviewing

maintenance journals for

accuracy and

completeness.

9.5 TRAC utilizes DB2 referential

integrity rules to ensure transactions are

properly recorded in participant accounts.

Inquiry Inquired of management

as to the TRAC system

infrastructure to determine that the

controls exist as described herein.


noted.

Not applicable.





9.6 TRAC Roster processing provides for

transactions to be placed in a pending status

until they are processed through the next

nightly cycle. Batch numbers are

systematically assigned (or manually

assigned by the client) after the transaction is

entered. Any pending transactions can be

deleted anytime prior to the nightly cycle.

Roster processing provides an online edit to

prevent the release of any batch when the

total dollar amount does not equal the detail

participant activity. The ability to override

this edit exists within TRAC.


to process various Roster

transactions to verify that the

TRAC system infrastructure

surrounding the systematic

assignment of batch numbers and

the Roster processing online edit

preventing the release of out of

balance rosters exists as described

herein.


noted.


ensuring that items

received are routed to

information entry or other

processing areas.


responsible for balancing

the roster information to

the detail participant

activity and resolving any

differences.

9.7 During information input online

formatting and editing routines are

performed. Edit tests for the validity of such

items as fund code, participant account

number, check number, management code

and status are performed by TRAC.


to test that online editing and

formatting routines are performed

by the TRAC system.


noted.



processing and the

appropriate TRAC


ensure propriety of






9.8 TRAC will not allow a withdrawal

against a non-existent participant account.


to attempt a distribution from a

non-existent participant account to


infrastructure surrounding

distribution edit routines exists as

described herein.


noted.


for reviewing withdrawal

activity reflected in the

nightly distribution

reports and initiating

appropriate follow up.

9.9 TRAC nightly processing utilizes the

TRAC pricing routines. Guaranteed

Investment Contract (GIC) rates are

calculated each night through an algorithm

which uses the GIC contract start date,

maturity date and rate.


to process a contribution into an

investment vehicle utilizing GIC

pricing to determine accurate

calculation by the TRAC system.


noted.


for assuring that proper

GIC rates are used and

for monitoring the

changes noted in the GIC

Rate Change Report.





9.10 Transfers and exchanges at an amount

in excess of the participant‟s account values

are prohibited and will result in an online

error message. TRAC processes in a real-

time environment. Participant account

balance is reduced immediately after the

withdrawal transaction is entered into the

system. Any transactions rejected during the

nightly process will set to an “open” status

and are reflected in the Cumulative Open

Item Report.


to process transfer and exchange

transactions to verify that the


surrounding transfer and exchange

edit routines and real-time update

of system records for transfers and

exchanges exists as described

herein.


noted.


for monitoring the Pre-

Nightly Exception

Journal and Control

Totals Report and the

Cumulative Open Item

Report, in addition to

correcting rejected items

and incomplete

processing.

9.11 Transaction records are created out of

nightly processing reflecting share and/or

cash transactions to participant accounts. If a

transaction is cancelled, a record is created

which reverses the effect of the original

transaction and the original transaction is

retained.


to process a purchase, exchange,

redemption, dividend adjustment

and cancellation transaction and

verified each transaction was

appropriately posted to the

transaction record. Additionally,

verified the original transaction

was retained after a cancellation

was processed.


noted.



resolution of transactions

requiring cancellation

and for determining that

such transactions are

ultimately appropriately

processed.





9.12 TRAC allows processing “as-of” a

trade date which is different from the current

date. The system requires the user to enter a

reason code for these items. Online history

and participant statements reflect both trade

date and confirm date for transaction

processing activity.


to process a distribution with an

“as-of” date to verify that the


surrounding trade date validation

and “as-of” trade processing exists

as described herein.


noted.

User controls should


the proper trade date is

indicated on the

supporting

documentation and that

such date is entered to

system. The user is also

responsible for timely

entry of such

transactions. Lastly, the


reviewing reason codes

assigned to transactions

for propriety.

9.13 A payee different than the participant

can be entered. The nightly distribution

report and participant check register reflect

the participant account information as well as

the special payee information. Clients have

the option of providing voided checks with

payment information to the participant when

checks to a special payee have been

processed.


to process a distribution with a

special payee to verify that the


surrounding special payee

processing and reporting of special

payee transactions exists as

described herein.


noted.

User is responsible for


controls over special

payee processing.





9.14 TRAC history is maintained by status.

Transactions entered into the system are

either processed and placed in a confirmed

status, or rejected and placed in an open

status.


to process a variety of transactions

to verify that the TRAC system


maintenance of accepted

transactions in “confirmed” status,

the maintenance of rejected

financial transactions in “open”

status until cancelled or

reprocessed, posting of rejected

transactions to rejected transaction

reports and the availability of

rejected transactions for online

review exists as described herein.


noted.


for monitoring rejected

transactions with an

open status.





9.15 TRAC operates real-time and sets

entered transactions to a pending status to be

processed during the nightly cycle. Pending

trades are included in any subsequent online

inquiries made throughout the day based on

yesterday‟s price for each investment vehicle.

By recognizing pending trades, subsequent

transaction edits reflect the effect of these

transactions. Pending batches at the end of

the day are processed in the current nightly

update. The nightly update process is

performed each night the stock exchanges are

open.


to process a transaction to verify

that the TRAC system


real-time update of system records

for transaction processing and the

availability of pending trades for

online review exists as described

herein.


noted.


for the input of the daily

price and/or daily

dividend rate before the

nightly batch process

commences.

9.16 The online distribution functions

prevent errors from entering the system and

errors, when encountered, are highlighted

with a descriptive message provided to the

operator detailing the cause of the error.

Online edits prevent the operator from

processing hardship withdrawals and

participant loans taken in excess of available

amounts.





distribution and loan related

transaction edit routines, including

the posting of rejected transactions

to rejected transaction reports,

exists as described herein.


noted.


for reviewing withdrawal

activity reflected in the

nightly distribution

reports and initiating

appropriate follow up.





9.17 TRAC financial transactions which

are rejected by the system are placed into an

“open” status and can be reviewed through

the participant history online or on various

rejected transaction reports. TRAC

maintains”open” transactions until they are

subsequently cancelled or reprocessed.


to process a contribution

transaction and verify that the


surrounding the maintenance of

rejected financial transactions in

“open” status until cancelled or

reprocessed, posting of rejected

transactions to rejected transaction

reports and the availability of

rejected transactions for online

review exists as described herein.


noted.

User controls are

required to ensure that

rejected items are

reprocessed. Plan within

Funds and Assets within

Plan supersheets are

available to users who

are responsible for the

reconciliation of bank

activity to processing

activity.





9.18 Programs for TRAC nightly

transaction processing generate daily

confirmations in the form of audit reports to

reflect enrollment, transaction and

maintenance activity. In addition, statements

are run at the discretion of the Plan

Administrator and are not limited to any

particular time frame. Participant statements

reflect processing activity within a specified

time frame. Lastly, a monthly report package

is generated for the Sponsor/Employer

Company and Trustees of the plan receive a

monthly Trust Report reflecting all Plan

activity. Both the Trust report and report

packages are not limited to a monthly time

frame.





accurate generation of audit

reports and activity included on

participant statements and monthly

reports exists as described herein.


noted.

System controls are

designed to detect

unauthorized

transactions. User

activities or controls are

necessary to provide

assurance that entry of

unauthorized

transactions to the

system is prevented.





9.19 A participant history and transaction

record is created for dollar transactions

affecting participant value.




infrastructure surrounding accurate

generation of participant history

and transaction records exists as

described herein.


noted.


for review of the Plan

within Funds and Assets

within Plan Supersheets.

9.20 Bulk transmissions are received by

TRAC in batches with either batch header or

trailer information containing the total

number of accounts and shares and/or dollars.

These totals are verified by TRAC after each

transmission. If the calculated totals and the

trailer records do not agree, the transmission

is rejected.


to process a contribution and


infrastructure surrounding TRAC

transmissions exists as described

herein.


noted.


for reconciling items

entered to items

processed. Exception

items can be traced

through the “Pre-Nightly

Exception Journal and

Control Totals” report.





9.21 TRAC fully integrates with the

TA2000 system and provides daily updates to

the fund supersheets which indicate the

movement of cash needed between accounts

as a result of the current day‟s activity. In

addition, TRAC generates supersheet reports

to facilitate the control of GIC cash

movements.



investment vehicle using GIC

pricing to verify that the fund

supersheets included the

movement of cash needed between

accounts as a result of the current

day's activity.


noted.


for initiating and

controlling cash

movements. Also, the


requiring adequate

documentation for

transactions and


trades to supporting

cash activity.

9.22 TRAC fully integrates with the

TA2000 mutual fund pricing. TRAC

calculates a daily value on each GIC based

upon the rate established by the operator.

Authority for updates to GIC contract rates is

secured through operator security.


TRAC system to verify the


capability to restrict the ability to

update GIC contract rates as

described herein.


noted.


for establishing

operator security for

investment provider

information and

ensuring the correct

rates have been entered.

9.23 For outside investment vehicles,

TRAC utilizes a separate price file for daily

valuation.



outside investment vehicle to



valuation of outside investment

vehicles exists as described herein.


noted.


for providing timely

and accurate pricing

information for outside

investment vehicle

pricing on TRAC.





9.24 For outside investment vehicles,

TRAC ensures that trades have a valid trade

date when transactions are processed.

Inquiry Inquired of management

as to the TRAC system


processing outside investment

vehicles transactions to determine

that the controls exist as described

herein.


to process a distribution with an

„as-of‟ date to verify that the


surrounding trade date validation



noted.


for providing timely and

accurate pricing

information for outside

investment vehicle

pricing on TRAC.

9.25 The TRAC system prevents additional

interest from being accrued due to late

payment when the loan type is established

under the Expected Loan Payment method.


to process a loan payment on a

participant loan that uses the

Expected Loan Payment method to


infrastructure surrounding loan

payments exists as described

herein.


noted.


for establishing loan

parameters controlling

late payment interest

calculations according to

the plan document.





9.26 Daily dividend accruals are calculated

and appropriately updated to participant

accounts by TRAC during nightly processing.


to process a dividend to determine

accurate calculation by the TRAC

system during nightly processing

and proper posting to participant

account.


noted.


for entering dividend

calculation information.





9.27 The shares related to the “fail” and

“fail/free” files of confirmed purchases and

redemptions are included or excluded from

the dividend calculation, as appropriate, by

TRAC.

TRAC computes a dividend transaction for

each participant as of the record date. This

transaction record is posted to the

participant‟s account in the next TRAC

nightly cycle. If a participant‟s account was

not posted, the totals for the fund would not

agree to the summation of the participant‟s

records. This out-of-balance condition would

be included on the Supersheet Audit Report.



computes a distribution transaction

based upon shares as of a certain

record date, which is posted to the

participant‟s account or

outstanding order.

Utilized an ITF to process a

dividend subsequent to processing

confirmed transactions to


participant accounts.


noted.



processing and the

appropriate TRAC

exception reports to ensure


entered. In addition, the

following responsibilities

should also be performed:

Reconciliations, as

described in objective 4,

can detect certain types

of errors made in

processed transactions.


for reconciling the

dividend cycle

processing and

determining propriety

thereof.


for reviewing any out of

balance condition on the

supersheet report and

reconciling dividends

calculated to dividends

posted using the

exception and control

reports.





9.28 For daily dividend funds, the TRAC

system computes any dividend adjustments

resulting from “as-of” transactions and

produces the Daily Dividend Adjustment

Calculation and the Daily Update Error

Listing reports showing the transactions and

resulting dividend adjustments. A decrease

dividend adjustment will be rejected if there

are insufficient shares in the account. If

dividend adjustments are not posted, they

appear on the Daily Update Error Listing

report.

For non-daily dividend funds, the Record

Date Journal is produced which shows any

“as-of” transactions with a trade date prior to

any previous record date.

TRAC requires the entry of the current day‟s

rate and the net change from the prior day. If

the prior rate plus or minus the net change

does not equal the current rate, TRAC will

not accept the rate.

The Daily Update Error Listing report is

accurately generated and transmitted to the

fund‟s portfolio accountants. This report

includes the daily dividend accrual, month to

date accrual and the number of record date

shares.


management regarding decreased

dividend adjustments and the

rejection of such adjustment if

there are insufficient shares in an

account.


to process a dividend on a daily

dividend fund for evidence of the

accurate calculation of the

dividend by TA2000.


test that online edit and validation

routines surrounding dividend

processing are performed by

TA2000. Also, utilized an ITF to

process dividend adjustments for

evidence of proper posting to the

participant account. Lastly, utilized

an ITF to process transactions

(purchase, redemption, etc.)

adjustments for evidence that

system generated adjustments were

appropriately calculated and

posted to the participant account.


noted.




review and follow-up of

the Daily Update Error

Listing report. For daily

dividend funds, it is the

user‟s responsibility to

post any dividend

adjustments to the

participant accounts not

posted by the system.

For non-daily dividend

funds, the user is

responsible for calculating

the amount of the dividend

adjustment using the

Record Date Journal and

posting the adjustment to

the account.

The user is also

responsible for

establishing the proper

options for accruals and

payments of dividend

funds.





9.29 TRAC provides a Plan Summary

Position Account Update report which

reflects participant status, asset loans and

open item changes made within TRAC.

Additionally, discrepancies, if any, between

TA2000 and TRAC, by participant, would be

reflected within the report.


to establish a new participant and


infrastructure surrounding updates

made within TRAC and the

generation of the Plan Summary

Position Account Update report



noted.


investigation and resolution

of any out-of-balance

conditions appearing on the

Plan Summary Position

Account Update reports.

9.30 TRAC calculates tax withholdings

based on system inputs entered by the

processor.


to verify TRAC accurately

calculated the tax withholding

amount based on system inputs.


noted.

Not applicable.



Pricing Accuracy 10. Controls provide reasonable assurance that TRAC transactions are processed at the proper price based on system

input.


10.1 Edits exist within TRAC to validate

that the fund's new price/rate equals the

previous day's price/rate plus/minus the net

change transmitted. TRAC maintains a Daily

Price File which contains prices for each

fund.

Both sides of exchanges are priced at the

same time to assure the proper prices are

used.

The use of batch totals for purchase and

redemption input provides assurance that the

dollar amount of the individual transactions is

correct.


to test that online edit and

validation routines surrounding

fund pricing are performed by the

TA2000 system. Additionally,

utilized an ITF to generate test

exchange transactions to determine

that both sides of the transaction

are appropriately priced.


noted.


entering all prices,

reviewing the available

TRAC reports and ensuring

the correction of any prices

not properly entered.


responsible for

investigation and reentry of

exchanges which are

rejected during nightly

processing. Such items are

listed on the Daily

Transaction Work File

Deletions Report.



10. Controls provide reasonable assurance that TRAC transactions are processed at the proper price based on system

input.


10.2 TRAC converts dollars to shares and

maintains account balances in shares.

TRAC generates a Daily Price Update report

which lists prices entered.

TRAC will not process any transactions

without a current price for the fund for that

trade date. TRAC produces a Consolidated

Error Report showing items rejected because

of no price. TRAC will interrupt processing

when a predetermined number of errors is

reached.


to generate test transactions for

evidence that the TRAC system

appropriately converts dollar based

transactions to shares during

nightly processing and maintains

accounts in shares. Also utilized an

ITF to generate test transactions

entered without a daily price file to

determine that the TRAC system

appropriately rejected the

transactions and posted them to the

Consolidated Error Report.


noted.

The user is responsible for:

Entering all prices

initially.

Reviewing the error

reports.

Reentering any prices

that were not correctly

entered.



10. Controls provide reasonable assurance that TRAC transactions are processed at the proper price based on system

input.


10.3 TRAC calculates Net Unit Value

(NUV) pricing based on daily prices and

other factors included in the price calculation

provided by the client for TRAC valuation.



investment vehicle using NUV

pricing to verify that the TRAC

system infrastructure surrounding

accurate NUV pricing exists as

described herein.


noted.


establishing the operator

security for investment

provider information related

to external mutual funds

and annuities and ensuring

the correct NAV prices and

Mortality and Expense

factors have been entered.

This information is used in

the final NUV price

calculation.

10.4 The TRAC system charges a fee based

on the establishment of fund thresholds

designating a short term trade.


to process a series of transactions

to verify that the short term trade

fees were accurately calculated

and applied by the TRAC system

in accordance with operating

procedures.


noted.



fund thresholds.



Activity Reconciliation 11. Controls provide reasonable assurance that TRAC transactions activity is reconciled.


11.1 Transactions rejected by TRAC are

listed on various rejected transaction reports.

The TRAC system produces exception

reports which indicate transactions that have

not been processed in whole or in part.


to process improper trades to

determine posting to the

appropriate exception and warning

reports.


noted.



daily items appearing on the

rejected transaction reports.


for reviewing and resolving

with brokers, items



11.2 Confirmed purchases or redemptions,

which are rejected due to a lack of specific

information or lack of payment, are

maintained in the “fail/free file” or the “fail

file,” respectively. The system produces the

Fail/Free Daily Balance Listing Report,

which details confirmed

purchases/redemptions. The client is

responsible for follow-up with brokers. This

follow-up may be performed by DST at the

client‟s request. System edit and validation

routines ensure orders for confirmed

purchases and redemptions are correct.


to process a confirmed purchase

and redemption lacking specified

information and/or lack of

payment to test system edit and

validation routines for confirmed

purchases and redemptions and

inclusion on the “fail/free file” or

“fail file,” as applicable.


process confirmed purchases to

verify posting to the Fail/Free

Balance listing.


noted.



with brokers items





11. Controls provide reasonable assurance that TRAC transactions activity is reconciled.


11.3 TRAC generates reports of wire

redemption activity, including the Wire


Redemptions and the Wire Instruction Report

for Direct Redemptions. The Bank

Instruction Maintenance Journal lists changes

to wire instructions. The Expedited

Redemption Warning Report lists accounts

where a redemption occurred on the same

day a change in wire instructions was

performed.


to process an expedited

redemption and a direct

redemption of shares by wire for

evidence of posting on the Wire


Redemptions and Wire Instruction

Report for Direct Redemptions,

respectively. Additionally, utilized

an ITF to attempt to change wire

instructions on a wire redemption

and to perform a redemption on

the same day a change in wire

instructions was performed to

determine posting to the Bank

Instruction Maintenance Journal

and Expedited Redemption

Warning Report, respectively.


noted.


for review and follow up

on wire redemption

control reports including

the daily balancing and

reconciliation functions.





11.4 Recorded exchanges will be included

on the TRAC Daily Distribution of Cash

Report requiring movement of cash and on

the Cash Supersheet.






applicable.


noted.


for reviewing reports and


exchanges.

11.5 TRAC produces a Cash Supersheet

which details cash activity and a Daily

Distribution of Cash report which indicates

the movement of cash needed between

accounts as a result of the current day‟s

activity. In the Same Day Cash Management

(SDCM) environment, cash supersheets,

accurate at a point in time, may be generated

throughout the day to allow for more timely

money movement.






applicable.


noted.


for initiating and

controlling cash

movements. The user is


requiring adequate

documentation for

transactions and


trades to supporting cash

activity.





11.6 TRAC maintains a check

reconciliation file for checks written by the

system. TRAC systematically balances and

compares the outstanding checks detail to the

summary of the outstanding checks on the

check reconciliation system (Comp/Recon)

and posts exceptions to the "Check Activity

Discrepancy Report."

Inquiry Inquired of TRAC

management as to the edits in

place which compare outstanding

check detail to the summary of

outstanding checks on the

Comp/Recon system.


for evidence that an exception

posted to the “Check Activity

Discrepancy Report” when the

outstanding check detail did not

balance with the check

reconciliation system

(Comp/Recon). Additionally,

utilized an ITF to issue a manual

check and verify reconciliation of

the check through check status

updates and TRAC reports.


noted.


reviewing daily check

activity and reconciling

such activity to TRAC.





11.7 The following reconciling procedures

are performed during nightly processing:

The participant history records are

accumulated and added to the

beginning share balances on the

participant master and reconciled to

the ending share balances on the

participant master. Any differences

are printed on the Daily Fund Share

Balance Error Listing (only accounts

with exceptions or differences will

appear on the report).

The cumulative ending participant

balances are reconciled to the fund

total per the supersheet file. Any

differences are printed on the

Supersheet Audit Report.


to generate test transactions and

determine differences, if any, were

appropriately posted to the Daily

Fund Share Balance Error Listing

and/or Supersheet Audit Report.


noted.


investigation and

resolution of any out-of-

balance conditions

appearing on exception

reports.



Systematic Restriction of Access 12. Controls provide reasonable assurance that access to the TRAC application is systematically restricted.


12.1 An operator security record must exist

in the security file for each operator that is

allowed access to TRAC. The operator

security record can limit access by

management code.


TA2000 system to attempt to gain

access to restricted user functions

and management companies within

TA2000.


noted.

User controls are required

to achieve adequate

control. User personnel are

responsible for the

following functions in the

Application Control

Security System:


security records.


allowed for each

operator.

Controlling the


accesses.


the Daily Operator

Update Report to



operator security

records.



12. Controls provide reasonable assurance that access to the TRAC application is systematically restricted.


12.2 TRAC accounts can only be accessed

by individuals who are assigned TRAC

processing capabilities. For internal mutual

fund accounts, TA2000 contains a system

flag at the account level, identifying TRAC

accounts. This flag prevents TA2000

processors access to TRAC accounts.


TRAC system to attempt to gain

access in order to verify that the


restriction of processing

capabilities to authorized users



noted.


establishing and monitoring

appropriate controls over

the Information Security

function.





12.3 Valid user identification numbers and

passwords are required to access TRAC.

Such numbers and passwords are checked

against the security record which allows

access based upon established online

facilities. Passwords must be changed every

30 days. Invalid passwords will suspend the

related ID after a specific number of

attempts. If no activity has occurred for two

hours, the operator is logged off the TRAC

system.

Reperformance Attempted to

gain access to TA2000 using

invalid user identification numbers

and passwords for evidence that

the validation routines

appropriately deny access and that

the ID was suspended after the

specified number of invalid access

attempts.

Utilized the TA2000 system to

verify that passwords must be

changed every 30 days and the

operator was logged off the system

after two hours of inactivity. In

addition, validated that invalid

passwords suspended the related

ID after three invalid login

attempts.


noted.

User activities or

controls are required to

achieve adequate

control. User personnel

are responsible for the

following functions in

the Application Control

Security System:


security records.


allowed for each

terminal and operator.

Controlling the


accesses.


the Daily Operator

Update Report to



operator security

records.





12.4 In addition to terminal and operator

security, TRAC provides security to be

established at the investment company, plan,

facility and function levels. Within each

online function an operator can be limited to

browse, update, add or delete access.


TRAC system to verify the


capability to restrict access to the

investment company, plan, facility

and function levels exists as

described herein.


noted.


establishing and

monitoring appropriate

controls over the

Information Security

function.

Chapter III:

DST's Control Objectives, Controls and Tests of Operating

Effectiveness of Information Processing General Computer

Controls

Information Processing General Computer Controls 123


DST's Control Objectives, Controls and Tests of Operating Effectiveness of Information Processing General Computer Controls

DST management has specified certain control objectives that it believes are relevant

to its clients and their auditors and has identified its control activities in place to

achieve those objectives.

Fourteen control objectives have been identified and are grouped into eleven major

functional areas, which are as follows:

IT General Computer Controls

Organization and Administration 1. Controls provide reasonable assurance that relevant corporate policies are

communicated and acknowledged by new employees and contractors and

background checks are performed.

Physical/Logical Security 2. Controls provide reasonable assurance that physical access to production

computer systems and operator consoles is limited to authorized individuals.

3. Controls provide reasonable assurance that logical access to production data,

programs, data files and system parameters is restricted to properly

authorized individuals and programs.

System Software Maintenance and Implementation 4. Controls provide reasonable assurance that system software changes

including installations, upgrades, patches and functionality changes are

documented, tested and approved.

Computer Operations – Backups/Problem Management 5. Controls provide reasonable assurance that current and successful backups of

programs and data are performed and monitored.

6. Controls provide reasonable assurance that hardware and system software

problems are monitored, tracked and resolved.

Network Security 7. Controls provide reasonable assurance that external access to internal DST

data and systems is limited to individuals with a legitimate business need.



Network Modifications

8. Controls provide reasonable assurance that modifications to network Access

Control Lists are documented, logged and approved.

Information Processing General Computer Controls


and Job Monitoring

9. Controls provide reasonable assurance that TA2000, TA2000 Subaccounting

and TRAC application software modifications are logged, tested and

approved.

10. Controls provide reasonable assurance that TA2000, TA2000 Subaccounting

and TRAC jobs are monitored and that errors are resolved.

AWD Application Software Modification

11. Controls provide reasonable assurance that AWD application software

modifications are tested and approved.

TA2000 Desktop/TA2000 Subaccounting Desktop/TRAC Desktop/DST

SmartDesk/Compliance Workstation Application Software Modifications

12. Controls provide reasonable assurance that Desktop application software


FAN Web/Vision/TRAC Web/E-commerce Core Application Software

Modification

13. Controls provide reasonable assurance that FAN Web/Vision/TRAC Web/

E-commerce Core application software modifications are tested and

approved.

TA2000 Subaccounting Interface Monitoring

14. Controls provide reasonable assurance that TA2000 Subaccounting interfaces

are monitored.

PwC has determined the nature, timing and extent of testing to be performed in order

to determine if control activities specified by management are operating effectively.

DST‟s control activities and PwC‟s results of operating effectiveness are detailed

below. Further information on testing performed by PwC can be found in Chapter IV.

IT General Computer Controls 125


IT General Computer Controls

Organization and Administration 1. Controls provide reasonable assurance that relevant corporate policies are communicated and acknowledged by new

employees and contractors and background checks are performed.

Control Activities Tests Applied Results of Testing

1.1 Employees and contract new hires are

required to sign the Business Ethics and Legal

Compliance Policy, Acceptable Use Policy

(Computer and Telephone Systems),

Security/ID Procedures, Insider Trading Policy,

SecurID Policy and Communications Policy.

Inspection Inspected Human Resources

records for a sample of new and contract hires

for evidence that each signed the applicable

policies.

No relevant exceptions noted.

1.2 Criminal background investigations are

performed on new associates and contractors

and all associates and contractors are bonded.

Inspection Inspected Human Resources

records for a sample of new and contract hires

for evidence that criminal background checks

are performed.

Inspected DST‟s insurance policy for evidence

that associates and contractors are bonded.




Physical Security 2. Controls provide reasonable assurance that physical access to production computer systems and operator consoles is

limited to authorized individuals.


2.1 The data centers are equipped

with multi-layer security elements

which include:

Winchester Data Center:

Dual perimeter fences.

Concrete encased steel bollards to

prevent vehicles from entering.

Security guards and police officers

on-site.

Video surveillance.

Motion and disturbance detection.

Mantraps at entrances.

Mandatory visitor sign-in and

escorts.

AWD Data Center:

Security guards on-site.

Video surveillance.

Mandatory visitor sign-in and

escorts.

Winchester and AWD Data Center

Observation During a walkthrough of each data

center, observed multi-layer security elements.





2. Controls provide reasonable assurance that physical access to production computer systems and operator consoles is

limited to authorized individuals.


2.2 Individuals with the ability to

add, modify, or delete badge access are

appropriate.


Inspection Inspected a listing of all individuals with

access to add, modify, or delete badge access to determine

appropriateness.



2.3 Management approval is

obtained prior to granting access to the


computer rooms.


Inspection Inspected a sample of access requests for the

Winchester Data Center and AWD Data Center computer

rooms for evidence that the request was approved by

appropriate management.



2.4 Access for terminated associates

is removed within one business day of

notification.


Inspection Inspected documentation for a sample of

terminated employees and contractors for evidence that

access was removed within one business day of

notification.



2.5 Management reviews

Winchester Data Center and AWD Data

Center access quarterly to determine

appropriateness of access.


Inspection Inspected a sample of Winchester Data

Center and AWD Data Center access reviews for

existence and evidence of review.





Logical Security 3. Controls provide reasonable assurance that logical access to production data, programs, data files and system

parameters is restricted to properly authorized individuals and programs.


3.1 All requests for new privileged

user access must be approved by an

appropriate level of management.

Mainframe

Observation Observed a DST Transmission Form

request to determine the appropriateness of email

notification routing and that the approving manager field

is locked and cannot be changed by the requester.

Inspection Inspected a sample of Top Secret access

requests to determine if the request was approved by the

appropriate Top Secret resource owner.

UNIX

Observation Observed a UNIX request to determine

the appropriateness of email notification routing and that

the approving manager field is locked and cannot be

changed by the requester.

iSeries, Windows

Inspection Inspected a sample of new privileged user

access requests to determine if the request was approved

by the appropriate level of management.

UNIX

Inquiry Inquired of management as to the procedures

for approving privileged access for new users. Verified

that no new individuals obtained privileged access to

UNIX during the period.

Mainframe, UNIX, iSeries, Windows




3. Controls provide reasonable assurance that logical access to production data, programs, data files and system



3.2 Mainframe, UNIX and

Windows emergency access IDs are

assigned only when authorized by

management. Mainframe firecall IDs

are recertified every 90 days.

Mainframe

Observation Observed automatic routing of firecall

request forms to appropriate management for

authorization.

Inspection Inspected a sample of firecall IDs to

determine if they were authorized and recertified every

90 days by management or suspended.

UNIX, Windows

Inspection Inspected documentation to determine if

emergency access was authorized by management.

Mainframe, UNIX, Windows


3.3 Emergency access IDs for

iSeries are systematically removed

within 24 hours. System settings for

the emergency access removal job are

configured to systematically

communicate failures for resolution.

iSeries

Inspection Inspected a sample of job scheduling logs

and verified the automated job to remove emergency

access IDs ran daily.

Inspected iSeries automated tools for evidence that

security job failures are systematically communicated

for the iSeries platform.

iSeries







3.4 Privileged access for terminated

associates is removed in accordance

with established guidelines.

Mainframe

Inspection Inspected evidence of access removal and

compared to termination dates for a sample of users

with privileged access for evidence that access was

removed within 5 business days of termination.

UNIX

Inspection Inspected evidence of privileged access

removal and compared to termination dates for a sample

of users for evidence that access was removed within 1

business day of termination.

iSeries, Windows

Inspection Compared current system access listings

with the Human Resources termination listing for

evidence that all terminated associate access was

removed.



3.5 Privileged access for transferred

associates is validated as appropriate

by management or removed within 30

days from effective transfer date.

Mainframe, Windows

Inspection Inspected evidence to determine if

transfers have privileged access appropriately approved

or suspended timely.

UNIX, iSeries

Inquiry Inquired of management as to the procedures

for approving and suspending privileged access for

transferred users. Verified that no transfer of individuals

with privileged access to UNIX or iSeries occurred during

the report period.








3.6 SecurID administrators are

reviewed on a quarterly basis for

access appropriateness.


Inspection Inspected a sample of quarterly access

reviews performed by management of individuals with

administrative access to SecurID for existence and

evidence of review.



3.7 Mainframe, UNIX, iSeries,

Windows and CICS administrators are

reviewed for access appropriateness.

Mainframe

Inspection Inspected a sample of monthly

appropriateness reviews performed by management of

Mainframe administrators for existence and evidence of

review.

Inspection Inspected a sample of quarterly SYS1

reviews for existence and evidence of review.

UNIX, iSeries, CICS

Inspection Inspected a sample of quarterly

appropriateness reviews performed by management of

UNIX, iSeries and CICS administrators for existence

and evidence of review.

Windows

Inspection Inspected an annual appropriateness

review performed by management of Windows

administrators for existence and evidence of review.

Mainframe, UNIX, CICS, Windows


iSeries

For 1 of a sample of 2 quarterly reviews

selected, the review was not performed.

Management Response

Please refer to Management's Responses to

Identified Exceptions in Chapter V.

3.8 Audit logs are reviewed on a

monthly basis to ensure that IDs are

removed after 90 days of inactivity.

Mainframe

Inspection Inspected a sample of monthly audit log


Mainframe


3.9 Remedy approvers are reviewed

on a quarterly basis for access

appropriateness.

Remedy (Mainframe, UNIX, iSeries, Windows)

Inspection Inspected a sample of quarterly reviews

for existence and evidence of review.

Remedy (Mainframe, UNIX, iSeries, Windows)




System Software Maintenance and Implementation 4. Controls provide reasonable assurance that system software changes including installations, upgrades, patches and

functionality changes are documented, tested and approved.


4.1 Changes to system software are

documented, tested and approved at

the conclusion of testing.


Inspection Inspected documentation indicating a

sample of software changes received supervisor

approval of testing.



4.2 Changes to system software are

appropriately approved by

management prior to implementation

into the production environment.


Inspection Inspected documentation indicating a

sample of system software changes were approved prior

to implementation into the production environment.





4. Controls provide reasonable assurance that system software changes including installations, upgrades, patches and



4.3 Changes to iSeries system

software are documented, tested and

approved for production by an

appropriate level of management.

Approval for production encompasses

approval of testing.

iSeries

Inspection Inspected a sample of system software

changes for evidence of documentation, testing approval

and approval by an appropriate level of management,

prior to implementation into the production

environment.

iSeries


4.4 Programs defined in the

Program Properties Table (PPT) are

reviewed semi-annually for

appropriateness and changes made as

required.

Mainframe

Inspection Inspected the semi-annual review of

programs defined in the Program Properties Table (PPT)


Mainframe




4. Controls provide reasonable assurance that system software changes including installations, upgrades, patches and



4.5 Datasets defined in the

Authorized Program Facility (APF) are

reviewed semi-annually for

appropriateness and changes made as

required.

Mainframe

Inspection Inspected the semi-annual review of

datasets defined in the APF for existence and evidence

of review.

Mainframe


4.6 Firecall activity is logged and

routed to a firecall manager to review

for appropriateness. All firecall activity

must be reviewed within five business

days of manager receiving notification.

Mainframe

Observation Observed the Lotus Notes Firecall

Activity database to obtain evidence that only

authorized individuals can approve firecall activity.

Observed a firecall transaction to obtain evidence that

firecall activity is logged, only approved activity is

archived and email notification is provided to the

manager.

Inspection Inspected a sample of firecall activities for

evidence that manager review and approval occurred in

a timely manner.

Inspected system settings for evidence that notifications

are sent when firecall activity occurs, after three days

outstanding and after five days outstanding.

Mainframe




Computer Operations – Backups 5. Controls provide reasonable assurance that current and successful backups of programs and data are performed and

monitored.


5.1 Backups are performed on a daily basis

based on system configurations and are stored

at a secure, environmentally controlled, offsite

facility.

Mainframe, UNIX, iSeries

Inspection Inspected system settings for

evidence that backups are scheduled to occur

on a daily basis.

Mainframe

Observation Observed the existence of

software to monitor extended remote copy

(XRC) sessions and volumes and observed real-

time monitoring of XRC by the recovery

facility operations group for the mirroring of

TRAC transactions.

iSeries

Observation Observed real-time replications

occurring between primary and secondary

AWD iSeries partitions.

Mainframe, UNIX, iSeries


5.2 Backup system settings are configured

to systematically communicate failures for

resolution.

Mainframe

Inspection Inspected automated tools for

evidence that backup failures are systematically

communicated and failures are resolved.

UNIX

Inspection Inspected automated tools for

evidence that backup failures are systematically

communicated.

Inspection Inspected that communicated

backup failures are resolved.

Mainframe


UNIX

During the testing period, from 4/12/10 to

8/12/10, noted that while backup failures were

communicated for operating system backups,

evidence to show resolution of backup failures

was not available.

Management Response

Refer to management's response to Identified

Exceptions in Chapter V.



5. Controls provide reasonable assurance that current and successful backups of programs and data are performed and

monitored.


5.3 Incremental updates of programs and

data on UNIX servers occur to recovery servers

multiple times per day. Issues are researched

and resolved.

UNIX

Observation (4/1/10 - 9/30/10 Only) Observed

the real-time monitoring of incremental updates

of programs and data performed by the

operations group.

Inspection (4/1/10 - 9/30/10 Only) Inspected

system configurations for evidence that

programs and data were updated to recovery

servers.

Inspected a sample of issues for evidence of

resolution.

UNIX


5.4 On a weekly basis, exercises are

performed to recover programs and data for

UNIX servers and results are communicated to

management.

UNIX

Inspection (4/1/10 - 9/30/10 Only) Inspected for

a sample of weeks, evidence that recovery

exercises were performed and the results were

communicated to management.

UNIX


5.5 A computer operator manually

communicates the status of backups by

updating the nightly shift turnover log.

iSeries

Inspection Inspected evidence to determine

that the backup status is communicated for the

iSeries platform.

iSeries




5. Controls provide reasonable assurance that current and successful backups of programs and data are performed and

monitored.


5.6 A report is reviewed on a daily basis by

management to ensure backups are performed

for Windows servers. Any server that does not

successfully backup is researched and resolved.

Windows


appropriateness reviews performed by

management of daily backups for existence and

evidence of review.

Windows


5.7 Modifications to the backup schedule

are documented and routed to the appropriate

parties for completion.

Windows

Inspection Inspected a sample of backup

schedule modifications for evidence of

documentation.

Windows


5.8 Exercises are performed to recover

platforms and related products and establish

network connectivity to specified client

locations in support of their product validation

testing.


Inspection Inspected a sample of recovery

exercises to determine existence.

iSeries

Inspection Inspected a sample of client

switch exercises from one data center to

another to determine existence.





Computer Operations – Problem Management 6. Controls provide reasonable assurance that hardware and system software problems are monitored, tracked and

resolved.


6.1 Hardware and software

problems are logged and open issues

are monitored. Hardware and software

problems are routed to appropriate

parties for resolution.


Inspection Inspected a sample of problem reports to

determine that problems were assigned and resolved.



6.2 Shift turnover logs are utilized

to communicate any problems or

special instructions between shifts.


Inspection Inspected a sample of daily shift turnover

logs for evidence that problems and special instructions

are documented.



6.3 A computer operations

supervisor is present on all shifts at the

Winchester Data Center. At least one

computer operator is present at the

AWD Data Center.

Winchester Data Center

Inspection Inspected a sample of Winchester shift

manager schedules for evidence that a shift manager is

scheduled for every shift.

AWD Data Center

Inspection Inspected a sample of AWD Data Center

operator shift schedules for evidence that at least one

operator is scheduled for every shift.





Network Security 7. Controls provide reasonable assurance that external access to internal DST data and systems is limited to individuals

with a legitimate business need.


7.1 Firewalls and routers within the

Winchester and AWD Data Centers are

logging unusual activity or evidence of

problems to a centralized location.

Inspection Inspected evidence that firewall and router

events are logged and sent to a centralized monitoring

facility.


7.2 An Intrusion Detection System

has been deployed in both the

Winchester and AWD Data Centers.

The most recent signatures have been

evaluated and updates which affect

DST‟s network environments have been

applied.

Inquiry Inquired of management as to the existence of

an Intrusion Detection System for the infrastructure.


7.3 The firewalls, routers and

switches which support the Winchester

and AWD Data Center infrastructure

are maintained in computer rooms with

access restricted to authorized

personnel.

Inspection Inspected a sample of access requests for the

Winchester Data Center and AWD Data Center computer

rooms for evidence that the request was approved by

appropriate management.




7. Controls provide reasonable assurance that external access to internal DST data and systems is limited to individuals



7.4 The Winchester and AWD Data

Center E-commerce client connections

and external subsidiary connections are

protected by firewall systems through

which flow all inbound traffic.

Inquiry and Inspection Inspected network diagrams

and inquired of management to determine that all network

traffic entering the E-commerce environment via client

connections or external subsidiary connections are routed

through firewalls.


7.5 The E-commerce firewalls and

perimeter routers are configured to

protect against unauthorized access and

are configured to disallow all traffic,

except those protocols and services

specifically required to support the

E-commerce function.

Inquiry and Inspection Inspected E-commerce firewall

and router configurations for proper rulesets to protect

against unauthorized access and for proper configuration

of protocols and services to support the E-commerce

environment. Inquired of management as to the

appropriateness of the settings configured on the

firewalls.


7.6 Web application security

assessments are performed by a

third-party on an annual basis.

Inquiry Inquired of management as to the performance

of web assessment by a third party which address web

application security issues relating to access to the

network.




7. Controls provide reasonable assurance that external access to internal DST data and systems is limited to individuals



7.7 Firewall rules for external-

facing perimeter firewalls are reviewed

by a third party on a semi-annual basis.

Inquiry Inquired of management as to the

performance of firewall rule reviews by a third party

which address firewall security issues relating to access

to the network.


7.8 Users of the Winchester and

AWD Data Center firewalls and

routers are identified by a unique

identification (ID) and authentication

is required before access to the

firewalls and routers is granted.

Inquiry and Inspection Inspected users with access

to firewalls and routers and inquired of management to

determine that the users configured to access the

firewalls and routers are set in accordance with

management intentions.

Inspection Inspected configurations for Winchester

and AWD Data Center firewalls and routers to

determine that users are identified by a unique

identification (ID) and authentication is required before

access to the infrastructure components is granted.




Network Modifications 8. Controls provide reasonable assurance that modifications to network Access Control Lists, are documented, logged

and approved.


8.1 Firewall and router modifications are

logged. Automated alerts are generated when a

firewall rule is modified.

Inspection Inspected the syslog

configuration file and/or alert settings for

firewalls and routers to determine that alerts are

automatically generated when firewall and

router modifications occur.


8.2 Modifications to network Access

Control Lists (ACLs) are documented,

including the reason for the change.

Inspection Inspected a sample of network

ACL modification documentation to determine

that documentation exists and contains a clear

reason for the change.


8.3 Authorization, from either a manager or

a senior security engineer, is required prior to

modification of Access Control Lists (ACLs).

Inspection Inspected a sample of network

ACL modifications for evidence of manager

authorization prior to implementation of the

change.




Information Processing General Computer Controls


9. Controls provide reasonable assurance that TA2000, TA2000 Subaccounting and TRAC application software changes

are logged, tested and approved.


9.1 Library management software (Endevor)

with version control at the module level is used to

manage source code development and

maintenance. Only one individual can check out

code at a time.

Observation Observed system queries of the

Endevor system to determine if Endevor properly

maintains audit trail information and utilizes version

numbering.

Observed controls over contention when attempting

to “check out” a module to a platform already under

revision in an Endevor platform.

Observed controls over contention when a module

“jumps” another module in the install process.


9.2 Unit test script guidelines exist to ensure

consistent testing procedures. Migration

Checklists are completed by the project team and

reviewed by Test Platform Support to ensure

testing is occurring.

Observation Observed the Unit Test Script

Guidelines for evidence of existence.

Inspection Inspected testing documentation for a

sample of changes for evidence that testing is

occurring.




9. Controls provide reasonable assurance that TA2000, TA2000 Subaccounting and TRAC application software changes

are logged, tested and approved.


9.3 Management clients are notified of the

availability to perform testing of program changes

in a beta environment.

Inspection Inspected documentation for a sample

of program changes evidencing availability of

testing in the beta environment.


9.4 Top Secret restricts access to production

libraries by requiring that Endevor is used in the

change management process.

Inspection Inspected a Top Secret listing of users

with access to migrate changes to production load,

JCL and source libraries to determine if Top Secret

requires Endevor be used in the change management

process. For users that do not require the use of

Endevor due to job functions, access is verified as

appropriate with management.


9.5 Endevor systematically requires manager

authorization for programs installed to production.

A monthly review of individuals authorized to

perform regular and JCL automated verifies

within Endevor is performed by management.

Observation Observed that an error message was

produced by Endevor when an unauthorized user

attempted to perform an automated verify.

Observed the Endevor LGM Install Panel and

validated only programs with the appropriate

approvals were installed to production.

Inspection Inspected a sample of access reviews

for individuals authorized to perform regular and

JCL automated verifies within Endevor for

existence and evidence of review.




TA2000, TA2000 Subaccounting and TRAC Job Monitoring 10. Controls provide reasonable assurance that TA2000, TA2000 Subaccounting and TRAC jobs are monitored and that

errors are resolved.


10.1 An automated scheduling system has

been installed to control job scheduling activities.

The following computer operations monitoring

techniques are in place:

TA2000 Operations personnel review the

scheduler for abend conditions.

Abend conditions are documented by

Operations personnel, researched and

resolved.

Inspection Inspected system software

documentation to determine that an automated

scheduling system is installed.

Inspected a sample of abends to determine

documentation was created and included the

problem and the resolution.


10.2 Top Secret validates that departures from

authorized setup and execution procedures are

submitted by an authorized user ID. If a special

request job is not submitted by an authorized ID,

an abend will occur and the job will not execute.

Reperformance Utilized an ITF to obtain

evidence that Top Secret will not allow a special

request submitted by an unauthorized ID (i.e., an ID

without the required permission) to successfully

process and will result in an abend.




AWD Application Software Modifications 11. Controls provide reasonable assurance that AWD application software modifications are tested and approved.


11.1 Management ensures that appropriate user testing

and/or approval is performed for changes to AWD prior to

releasing changes into production.

Inspection Inspected documentation used to

request change migration to production and verified

existence as evidence of user approval of the change.


11.2 Changes to the AWD application are appropriately

approved by management prior to releasing changes into

production.


of AWD application changes to determine that

changes were approved by management prior to

releasing changes into production.


11.3 The ability to migrate changes to production is

restricted to appropriate individuals. A quarterly review of

individuals with the ability to migrate changes to

production is performed by management.

Inspection Inspected a sample of quarterly reviews





TA2000 Desktop/TA2000 Subaccounting Desktop/TRAC Desktop/DST SmartDesk/Compliance Workstation Application Software Modifications

12. Controls provide reasonable assurance that Desktop application software modifications are tested and approved.


12.1 Management ensures that appropriate

testing is performed for changes to Desktop

applications prior to creation of the Installation

CD.


of enhancements for evidence of appropriate testing

prior to the creation of the Installation CD.


12.2 Changes to the Desktop applications are

appropriately approved by management prior to

releasing the Installation CD.

Inspection Inspected evidence of appropriate

approval to migrate desktop changes prior to

release of the Installation CD.


12.3 The ability to migrate changes to

production is restricted to the Software

Configuration Management Team. A quarterly

review of individuals with the ability to migrate

changes to production is performed by

management.

Inspection Inspected a sample of quarterly





FAN Web/Vision/TRAC Web/E-commerce Core Application Software Modifications

13. Controls provide reasonable assurance that FAN Web/Vision/TRAC Web/E-commerce Core application software



13.1 Management ensures that appropriate

testing is performed for changed to E-

commerce applications prior to releasing

changes into production.

FAN Web/ Vision/TRAC Web/E-commerce Core Inspection Inspected documentation for a sample

of enhancements for evidence of appropriate testing

prior to the change being released into production.

FAN Web/Vision/TRAC Web/E-commerce Core No relevant exceptions noted.

13.2 Changes to the E-commerce

Applications are appropriately approved by

management prior to releasing changes into

production.

FAN Web/Vision/TRAC Web/E-commerce Core Inspection Inspected evidence of appropriate

approval to migrate E-commerce application changes

to production.


13.3 The ability to migrate changes to

production is restricted to appropriate

individuals. A quarterly review of individuals

with the ability to migrate changes to

production is performed by management.

FAN Web/Vision/TRAC Web/E-commerce Core Inspection Inspected a sample of quarterly reviews





TA2000 Subaccounting Interface Monitoring 14. Controls provide reasonable assurance that TA2000 Subaccounting interfaces are monitored.


14.1 The TA2000 Subaccounting interface

between clients and DST is monitored and failures

are resolved to help ensure a continuous data

connection is maintained.

Observation Observed the existence of

monitoring software and the identification of

failures to help ensure a continuous data connection

is maintained between TA2000 Subaccounting

clients and DST.

Inspection Inspected a sample of failure tickets

for evidence of resolution.


14.2 MQ interface failures supporting TA2000

Subaccounting are systematically identified and

communicated to the support team.

Inspection Inspected MQ system settings to

determine that failure notifications are

systematically identified and communicated.


14.3 The TA2000 Subaccounting to NSCC

interface is monitored daily through the use of a

checklist and automated failure notifications to

validate all transmissions are processed as

intended.

Inspection Inspected a sample of TA2000

Subaccounting NSCC monitoring checklists to

determine consistent monitoring of the TA2000

Subaccounting to NSCC interface.


Chapter IV:

Information Provided by the Service Auditor

Information Provided by the Service Auditor 153


Information Provided by the Service Auditor

This report is intended to provide users of DST‟s Remote Transfer Agent Processing

System (hereafter referred to as TA2000), TA2000 Subaccounting and TRAC

information sufficient to understand the flow of transactions within TA2000, TA2000

Subaccounting and TRAC and the controls that may affect the processing of client

transactions and to provide information about the operating effectiveness of the

controls that were tested.

This report, when combined with an understanding of the internal controls in place at

client locations, is intended to assist the client‟s independent auditors in planning the

audit of client organizations and in assessing the control risk for assertions in client

organization financial statements that may be affected by the controls of TA2000,

TA2000 Subaccounting and TRAC.

Our testing of the controls of TA2000, TA2000 Subaccounting and TRAC was

restricted to those control objectives and the related controls outlined by DST

management contained in Chapters II and III of this report. Management believes

these are the relevant key control activities for the stated objectives. Our examination

did not extend to the information contained in Chapter V: Other Information provided

by DST Systems. The examination was performed in accordance with American

Institute of Certified Public Accountants (AICPA) Statement on Auditing Standards

No. 70 (SAS 70), Service Organizations. It is each interested party‟s responsibility to

evaluate this information in relation to the internal controls in place at each client‟s

organization. These control activities at client organizations, contemplated in the

design of DST‟s controls, have been outlined in Chapter I, User Control

Considerations. If effective client internal controls are not in place, the controls

within TA2000, TA2000 Subaccounting and TRAC may not compensate for such

weaknesses.

The objective of a coordinated system of control activities is to provide reasonable,

but not absolute, assurance as to the safeguarding of assets against loss from

unauthorized use or disposition and the reliability of financial records for maintaining

accountability for assets. The concept of reasonable assurance recognizes that the cost

of a system of internal controls should not exceed the benefits derived and also

recognizes that the evaluation of these factors necessarily requires estimates and

judgments by management.

As part of our review of TA2000, TA2000 Subaccounting and TRAC we performed a

variety of tests, each of which provided different levels of audit satisfaction. The

combined results of these tests provided the basis for our understanding of the

framework for control and whether the controls represented were actually in place as

of September 30, 2010 and were operating effectively throughout the period from

October 1, 2009 to September 30, 2010.



Control Environment The control environment represents the collective effect of various factors on

establishing, enhancing or mitigating the effectiveness of specific controls. In addition

to tests of specific controls described below, our procedures included tests or

consideration of the relevant components of the DST control environment, including:

DST‟s organizational structure and approach to segregation of duties.

Management methods.

Personnel policies and practices.

Internal Audit.

Our tests of the control environment included the following procedures to the extent

we considered necessary:

A review of DST‟s organizational structure, including the segregation of duties,

policy statements and personnel policies.

Discussions with management, operations, administrative and other personnel,

who are responsible for developing, ensuring adherence to and applying controls.

Observations of personnel in the performance of their assigned duties.

A review of DST action plans taken in response to recommendations to improve

internal controls.

The control environment was considered in determining the nature, timing and extent

of testing of the operation of controls relevant to achievement of the control

objectives.

Tests of Controls Our tests of the operating effectiveness of controls included such tests as were

considered necessary in the circumstances to evaluate whether those controls and the

extent of compliance with them, are sufficient to provide reasonable, but not absolute,

assurance that the specified control objectives were achieved during the period from

October 1, 2009 to September 30, 2010. Our testing of the operating effectiveness of

controls was designed to cover a representative number of transactions and procedures

throughout the period October 1, 2009 to September 30, 2010 for each of the control

activities listed in Chapters II and III, which are designed to achieve the specified

control objectives. In selecting particular tests of the operating effectiveness of

controls, we considered:

Nature of the controls being tested.

Types and competence of available evidential matter.

Nature of the control objectives to be achieved.

Assessed level of control risk.

Information Provided by the Service Auditor 155


Expected efficiency and effectiveness of the tests.

Such techniques were used to evaluate the fairness of the description of the controls

and to evaluate the operating effectiveness of specified controls.

In determining the tests to be conducted, procedures performed by internal audit were

considered where applicable. Accordingly, the effectiveness of internal audit was

evaluated and tested, including:

Assessment of the competence and objectivity of internal audit.

Evaluation of the scope of their work, supervision and review.

Assessment of the conclusions reached and reports issued.

The types of tests performed to assess the operating effectiveness of the controls

detailed in Chapters II and III are described below.

Inquiry

Inquiries were made with appropriate DST personnel in order to gain an

understanding of DST‟s framework for control, to identify those control activities that

are necessary to effectively achieve specified control objectives and/or for evidence

that the control activities are in place and the operating effectiveness of those control

activities. Inquiry testing was performed for all controls contained in Chapters II and

III.

Observation

We observed the application or existence of specific controls as represented.

Inspection

We inspected documents and records indicating performance of the applicable

controls. Examples of what this could include are listed below:

Physically inspecting or counting tangible assets and comparing the results with

DST‟s records.

Inspection of reconciliations and management reports to assess whether

transactions and reconciling items are properly monitored, controlled and

resolved, as necessary, on a timely basis.

Review of source documentation and authorizations for evidence of propriety of

transactions processed.

Examining documents or records for evidence, such as the existence of initials or

signatures, of performance of controls.

Reperformance

We reperformed the control or processing application of the control for evidence of

the accuracy of its operation. Examples of what this could include are listed below:



Obtaining evidence of the arithmetical accuracy and correct processing of

transactions by either recomputing the TA2000, TA2000 Subaccounting and

TRAC computations or performing independent calculations.

Reperforming the matching of various system records by independently matching

the same records and comparing reconciling items to TA2000, TA2000

Subaccounting and TRAC prepared reconciliations.

Processing test transactions through application programs in a production

environment.

Where applicable, the test transaction technique of an integrated test facility was used

to ascertain whether computer software processing controls and computerized

processing functions were operating effectively. This technique is described below.

Integrated Test Facility (ITF)

An ITF was used to test the operating effectiveness of certain TA2000, TA2000

Desktop, TA2000 Subaccounting, TA2000 Subaccounting Desktop, TRAC, TRAC

Desktop, DST SmartDesk, FAN Web, Vision, TRAC Web, and TA2000 Voice

automated controls and functions. An ITF consists of periodically processing selected

test transactions on test accounts and funds in the DST production processing

environment.

The tests were designed to both:

Process invalid transactions to determine the proper functioning of various edit

and validation tests which are to be performed by the system.

Process valid transactions in order to determine that all applicable files and

controls and exceptions reports are properly updated and/or generated.

Expected results were identified for each of the test steps. This was done so the

operating effectiveness of the TA2000, TA2000 Desktop, TA2000 Subaccounting,

TA2000 Subaccounting Desktop, TRAC, TRAC Desktop, FAN Web, Vision, TRAC

Web and TA2000 Voice automated controls could be measured by comparing the

expected results to the actual results.

Chapter V:

Other Information Provided by DST

Other Information Provided by DST 159


Other Information Provided by DST

Management’s Responses to Identified Exceptions Chapter III: Information Processing General Computer Controls

Control Activity Management Response

3.7 - Mainframe, UNIX, iSeries and CICS

administrators are reviewed on a quarterly

basis for access appropriateness. Windows

administrators are reviewed on an annual

basis for access appropriateness.

iSeries

For 1 of a sample of 2 quarterly reviews

selected, the review was not performed

iSeries

9/30/10: Management concurs with the finding and is

developing an automated process intended to minimize the

disruption associated with key personnel transitions. This

action coupled with the next deployment phases of the

iSecurity software suite will facilitate the continual process

improvement cycle associated with this space.

Additionally, a subsequent review of access has been

performed and access was appropriate for all users.

5.2 - Backup system settings are configured

to systematically communicate failures for

resolution.

UNIX

During the testing period, from 4/12/10 to

8/12/10, noted that while backup failures

were communicated for operating system

backups, evidence to show resolution of

backup failures was not available.

UNIX

9/30/10: Management concurs with the finding and has

reinstituted the automatic generation of work tickets to

evidence the action taken to resolve backup failure

notifications. While tickets were not automatically

generated for the period noted, email alerts continued to be

sent to the appropriate support personnel and action was

taken to resolve issues as required. There was no impact to

operating system availability during the reporting period

due to the lack of automated ticket generation.



Overview of Business Continuity Plan Business Continuity pertains to the recovery of a business unit, group of business

units, or an entire facility due to an incident that disrupts or threatens to disrupt

normal business functions. The recovery is focused on restoring the technology

infrastructure required to support critical business processes and relocating staff

displaced by an incident to suitably equipped alternative facilities if required.

The Business Continuity Program is organized by the Corporate Business

Continuity Department. This department reports directly to a senior officer of

DST Systems, Inc. DST‟s Business Continuity program is based on the

Professional Practices for the Business Continuity Planner, the standard

developed jointly by Disaster Recovery Institute International (DRII) and the

Business Continuity Institute (BCI).

The Corporate Business Continuity Department works with business units to

develop planning guidelines based on the most likely worst-case scenario, which

is the partial or entire loss of a single facility or building. A facility may house

one or more business units.

In the event an incident is severe enough to require relocation of a business unit,

a series of notifications are initiated to alert designated response teams. These

response teams include:

Incident Response Team The incident response team consists of members from

Corporate Business Continuity, Technology, Human Resources, Facilities

Management, Procurement and Media Relations. This team is responsible for

facilitating the recovery of the business unit. The team is located at the Incident

Communication Center (ICC) where it works together to manage the incident and

share information. There is an alternate ICC available if the primary site is not

accessible.

Incident Management Team The incident management team consists of

members of management from the impacted business units. This team acts as the

primary decision making body for the recovery. This team is also responsible for

monitoring the recovery and providing focused management support during the

recovery of the business unit.

Corporate Communications Response Team The corporate communications

response team consists of members from Media Relations, Corporate Business

Continuity and Human Resources. This team is responsible for corporate-level

communications to the media and internal staff. It also assists business units to

develop clear and consistent communications with clients and third parties.

Business Continuity exercises are performed for each facility annually and may

include a table top exercise, a physical relocation exercise, or a combination of

both. Exercises are designed to utilize business continuity plans to validate

assumptions, resource requirements and tasks necessary for business resumption.

Areas for improvement are identified and assigned for remediation. Results of

each exercise are forwarded to the business unit officer, planners and the internal

audit department.

Documents

Remote Transfer Agent Processing System · (DST) applicable to the Remote Transfer Agent Processing System (TA2000) and the TRAC ... DST applied the controls contemplated in the design