Controls Audit Clause Samples

Controls Audit. (i) In addition to its other obligations under this Section 9.12. Supplier shall cause an International Standard of Assurance Engagements (ISAE) 3402 or Type 2 U.S. Statement on Standards for Attestation Engagements (SSAE) 16 (or an equivalent audit under such successor standard as may then be in effect) (a “Controls Audit”) to be conducted by an independent public accounting firm on an annual basis for Supplier Facilities at or from which the Services and/or services similar to the Services are provided at Allianz’s cost. Supplier shall (A) confer with Allianz as to the scope and timing of each such audit, and (B) accommodate Allianz’s requirements and concerns to the extent practicable. Unless otherwise agreed by the Parties, such audit shall be conducted with a date range of at least twelve (12) months and so as to result in a final audit opinion dated September 1 or later each calendar year. Supplier shall provide Allianz and its independent auditors with a copy of such opinion and the resulting Controls Audit report as soon as reasonably possible after the conclusion of such audit. At Allianz’s request at any time, Supplier shall confirm in writing that there have been no changes in the relevant policies, procedures and internal controls since the completion of such audit. Supplier shall respond to such reports in accordance with Section 9.12. (ii) If Supplier is unable to timely deliver to Allianz, in accordance with Section 9.12(h)(i) above, an unqualified opinion, or the Controls Audit reveals any deficiencies or material weakness, Supplier shall (A) provide Allianz, on or before the date such opinion is delivered or due to be delivered, a written statement describing the circumstances giving rise to any delay or any qualification, (B) take such actions as shall be necessary to resolve such circumstances as soon as practicable, and (C) permit Allianz and its Permitted Auditors to perform such procedures and testing as are reasonably necessary for their assessment of the operating effectiveness of Supplier’s policies, procedures and internal controls. Supplier acknowledges and agrees that Allianz and Permitted Auditors, upon receiving a copy of the Controls Audit report, shall have the right to review the auditor work papers at the auditor premises, as well as interview the auditor personnel who did the actual audit work in the event Allianz or such Permitted Auditors require clarification regarding the Controls Audit report to the extent such TCS A...
View SourceView Similar (5)
Controls Audit. GCHD will perform internal audits of operational and technical controls/procedures to prevent a HIPAA security breach. AS 3.4.1, Access Authorization AS 3.5.1, Workforce Training AS 3.5.4, Log-in Monitoring AS 3.7.1, Data Backup AS 3.7.5, Applications and Data Criticality Analysis TS 5.2, Audit Controls OR 2.4, Business Associate Agreement 45 C.F.R. §164.308 (a)(1)
View Source
Controls Audit. (1) In addition to its other obligations under this Section 9.11 and/or any data processing agreements executed in connection with this Agreement, Provider shall, on an annual basis, cause an independent public accounting firm to produce a SOC 1 Report, SOC 2 Report, and SOC 3 Report (such reports, collectively, “Controls Audit Reports”) by conducting Type II multi-client audits pursuant to (A) SSAE 16 or ISAE 3402, and (B) AT 101 (such audits, collectively, the “Controls Audit”) with respect to Provider’s provision of the Services and/or services similar to the Services. Provider shall confer with Client as to the scope, control objective requirements and timing of each such audit, and accommodate Client’s requirements and concerns to the extent practicable. Unless otherwise agreed by the Parties, such audit shall be conducted with a date range of at least twelve (12) months and so as to result in a final audit opinion dated March 31 or later each calendar year. Provider shall provide Client and its independent auditors with a copy of such opinion and the resulting Controls Audit Reports as soon as reasonably possible after the conclusion of such audit, and in all events by July 31 of the same calendar year that such opinion is dated. At Client’s request at any time, Provider shall confirm in writing that there have been no changes in the relevant policies, procedures and internal controls since the completion of such audit. The Controls Audit shall be conducted, and the resulting opinion and Controls Audit Reports shall be provided, at no additional charge to Client. Provider shall promptly respond to such Controls Audit Reports. (2) In addition to its other obligations under this Section 9.11 and/or any data processing agreements executed in connection with this
View Source