Common use of Operational Audits Clause in Contracts

Operational Audits. Upon reasonable advance notice (and no longer than 48 hours), during the Audit Period, Supplier will provide to NCR (and internal and external auditors, inspectors, regulators and other representatives authorized by NCR that NCR may designate from time to time (collectively, “NCR Auditors”), access at reasonable business hours and at NCR’s expense, to Supplier Personnel, to the facilities at or from which Services are then being provided and to Supplier records and other pertinent information, all to the extent relevant to the Services and Supplier’s obligations under this Agreement. Such access may not be withheld for audits concerning NCR’s compliance with regulatory requirements and Supplier’s compliance with Legal Requirements. Such access is for the purpose of performing audits and inspections to (a) verify the integrity of NCR Data, (b) examine the systems that process, store, support and transmit that data (including system capacity, performance and utilization), (c) examine the internal controls (e.g., financial controls, human resources controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls) and the security, disaster recovery, business continuity and back-up practices and procedures, (d) examine Supplier’s performance of the Services, (e) examine Supplier’s measurement, monitoring and management tools and (f) enable NCR to meet applicable legal, regulatory and contractual requirements. Supplier will (1) provide any assistance reasonably requested by NCR Auditors in conducting any such audit, including installing and operating audit software, (2) make requested personnel, records, and information available to NCR Auditors and (3) in all cases, provide such assistance, personnel, records and information in an expeditious manner to facilitate the timely completion of such audit. If an audit reveals a material breach of this Agreement, then, without limiting NCR’s other remedies under this Agreement, Supplier will promptly reimburse NCR for the actual cost of the auditor, including auditor’s fees. During the Audit Period, Supplier will (at all times subject to confidentiality requirements between Supplier and its vendors), pass through to NCR the same prices invoiced to Supplier by such vendors; provide to NCR auditors access at reasonable hours to Supplier Personnel and to Contract Records and other pertinent information to conduct financial audits to the extent relevant to the performance of Supplier’s obligations under this Agreement to (i) verify the accuracy and completeness of Contract Records, and (ii) verify the accuracy and completeness of Charges and Out-of-Pocket Expenses. If any such audit reveals an overcharge by Supplier, and Supplier does not successfully dispute the amount questioned by such audit, Supplier will promptly pay to NCR the amount of such overcharge, and Supplier shall promptly reimburse NCR for the actual cost of such audit (including auditors’ fees).

Operational Audits. Upon ‌ Each Contract Year, Vendor shall require its Auditors to conduct an examination of Vendor’s compliance with this Agreement with scope and objectives to be approved by the Commonwealth in advance. Vendor also shall require its Key Subcontractors to participate in such compliance audits. This audit shall be conducted for the previous fiscal Year ending June 30, 20xx. For the first Contract Year this may be only for a partial year. Vendor shall deliver to the Commonwealth five (5) copies of such audit report within two (2) months after conducting the audit (but in no event later than November 1 following the fiscal year end for which the audit was conducted) and Vendor shall prepare and implement a corrective action plan to correct any deficiencies or resolve any problems identified in such report. A copy of the corrective action plan shall be provided to the Commonwealth within thirty (30) days following the delivery of the audit report. In addition, at any time, and from time to time, during the Term, the Commonwealth may engage such Auditors as it shall deem appropriate (except that such Auditors shall not be Vendor Competitors) to conduct an audit of Vendor’s and its Subcontractors’ practices, the facilities used by Vendor or Vendor’s Subcontractors to provide the Services, and related operational matters (including audits of Vendor’s legal compliance and Vendor’s security policies and practices with regard to IT and data access and control) in order to verify compliance with the terms of this Agreement. Any such audit shall be conducted in a reasonable manner and after reasonable advance notice (except that no notice shall be required with respect to a security audit). For purposes of such audit, Vendor shall, and no longer than 48 hours)shall cause its Subcontractors to, grant the Commonwealth and its representatives full and complete access, during normal business hours and upon reasonable notice, to the Audit Periodrelevant portion of Vendor’s and its Subcontractors’ books, Supplier records, documents, data, and information, as they relate to this Agreement, and with the prior consent of Vendor (which will provide to NCR (and internal and external auditors, inspectors, regulators and other representatives authorized by NCR that NCR may designate from time to time (collectively, “NCR Auditors”not be unreasonably withheld or delayed), access at reasonable business hours to relevant Vendor Personnel’s comptroller, access to relevant Vendor Personnel. Vendor shall, and at NCR’s expenseshall cause its Subcontractors to, to Supplier Personnelprovide the Commonwealth, to the facilities at or from which Services its authorized representatives, with such information and assistance as are then being provided and to Supplier records and other pertinent information, all to the extent relevant to the Services and Supplier’s obligations under this Agreement. Such access may not be withheld for audits concerning NCR’s compliance with regulatory requirements and Supplier’s compliance with Legal Requirements. Such access is for the purpose of performing audits and inspections to (a) verify the integrity of NCR Data, (b) examine the systems that process, store, support and transmit that data (including system capacity, performance and utilization), (c) examine the internal controls (e.g., financial controls, human resources controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls) and the security, disaster recovery, business continuity and back-up practices and procedures, (d) examine Supplier’s performance of the Services, (e) examine Supplier’s measurement, monitoring and management tools and (f) enable NCR to meet applicable legal, regulatory and contractual requirements. Supplier will (1) provide any assistance reasonably requested by NCR Auditors in conducting any order to perform such auditaudits, including installing and operating audit software, (2) make requested personnel, records, and information available provided that the Parties shall endeavor to NCR Auditors and (3) arrange such assistance in all cases, provide such assistance, personnel, records and information in an expeditious manner to facilitate the timely completion of such audit. If an audit reveals a material breach of this Agreement, then, without limiting NCR’s other remedies under this Agreement, Supplier will promptly reimburse NCR for the actual cost of the auditor, including auditor’s fees. During the Audit Period, Supplier will (at all times subject to confidentiality requirements between Supplier and its vendors), pass through to NCR the same prices invoiced to Supplier by such vendors; provide to NCR auditors access at reasonable hours to Supplier Personnel and to Contract Records and other pertinent information to conduct financial audits to the extent relevant to way that it does not interfere with the performance of SupplierVendor’s duties and obligations under this Agreement to (i) verify the accuracy and completeness of Contract Records, and (ii) verify the accuracy and completeness of Charges and Out-of-Pocket Expenseshereunder. If any such audit reveals an overcharge by Supplierinadequacy or insufficiency of Vendor’s performance, and Supplier does not successfully dispute the amount questioned by such auditincluding performance in connection with any security obligations of Vendor as set forth in this Agreement, Supplier will promptly pay to NCR the amount of such overcharge, and Supplier Vendor shall promptly reimburse NCR for develop and provide to the actual Commonwealth a reasonable and detailed corrective action plan and promptly thereafter implement such plan in accordance with its terms. In addition, the cost of such audit shall be borne by Vendor in the event that: (including auditors’ fees)i) the Commonwealth specifically identifies a particular deficiency with respect to Vendor’s performance of any particular Service; (ii) Vendor either denies or fails to take prompt actions to investigate and cure such identified deficiency; (iii) an audit is initiated hereunder to investigate such deficiency; and (iv) the audit confirms the deficiency with respect to Vendor’s performance of such Service. Any of the Commonwealth’s external third-party Auditors performing such an audit shall do so only after executing nondisclosure agreements reasonably satisfactory to Vendor. Vendor shall use commercially reasonable efforts to incorporate the substance of the foregoing provisions of this Section 18.3 regarding audit rights (substituting the name of the Subcontractor for that of Vendor) into any written agreement between Vendor and each Subcontractor. Nothing in this Section 18.3 shall in any way limit the Commonwealth’s rights under Section 18.2.

Operational Audits. Upon reasonable advance notice (and no longer Not more than 48 hours)once per Contract Year, during including the Audit Contract Year following the Term or the Termination Assistance Period, Supplier GPI or its authorized Third Party auditors (either, a “GPI Auditor”) may audit systems, processes and NTT DATA Records of NTT DATA and, subject to Section 14.6 below, of NTT DATA’ subcontractors (including making copies of NTT DATA Records) and inspect the NTT DATA Service Locations in connection with all matters related to this Agreement, including, but not limited to NTT DATA’ compliance with the terms, conditions and requirements of this Agreement; provided, that audits described in this section shall not include audits described in Section 14.4. GPI will provide NTT DATA at least seven (7) days’ Notice of its intent to NCR (and internal and external auditors, inspectors, regulators and other representatives authorized by NCR that NCR conduct any such audit. Audits will be conducted during normal business hours. GPI Auditors may designate from time to time (collectively, “NCR Auditors”), access at reasonable business hours and at NCR’s expense, to Supplier Personnel, conduct audits in addition to the facilities at or from which Services are then being provided and to Supplier records and other pertinent information, all to the extent relevant to the Services and Supplier’s obligations under this Agreement. Such access may not be withheld for audits concerning NCR’s compliance with regulatory requirements and Supplier’s compliance with Legal Requirements. Such access is for the purpose of performing audits and inspections to one (1) ordinarily allowed if (a) verify the integrity of NCR Data, (b) examine audit reveals discrepancies between the systems that process, store, support and transmit that data (including system capacity, performance and utilization), (c) examine the internal controls (e.g., financial controls, human resources controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls) and the security, disaster recovery, business continuity and back-up practices and procedures, (d) examine Supplier’s performance status of the Services, (e) examine Supplier’s measurement, monitoring operations and management tools and (f) enable NCR to meet applicable legal, regulatory and contractual requirements. Supplier will (1) provide any assistance reasonably requested by NCR Auditors in conducting any such audit, including installing and operating audit software, (2) make requested personnel, records, and information available to NCR Auditors and (3) in all cases, provide such assistance, personnel, records and information in an expeditious manner to facilitate the timely completion of such audit. If an audit reveals a material breach of this Agreement, then, without limiting NCR’s other remedies under this Agreement, Supplier will promptly reimburse NCR for the actual cost of the auditor, including auditor’s fees. During the Audit Period, Supplier will (at all times subject to confidentiality requirements between Supplier and its vendors), pass through to NCR the same prices invoiced to Supplier by such vendors; provide to NCR auditors access at reasonable hours to Supplier Personnel and to Contract Records and other pertinent information to conduct financial audits to the extent relevant to the performance of Supplier’s NTT DATA’ obligations under this Agreement and GPI reasonably determines that any such discrepancies could have an adverse impact on its business; or (b) GPI reasonably determines that an audit is warranted to (i) verify determine the accuracy and completeness cause for documented failures. The limitation on the number of Contract Recordsaudits hereunder will not apply to audits of NTT DATA’ compliance with the Physical Security Guidelines or the Logical Security Guidelines, and (ii) verify GPI may audit NTT DATA’ compliance with the accuracy and completeness Physical Security Guidelines or the Logical Security Guidelines at any time without the giving of Charges and Out-of-Pocket ExpensesNotice. If any such audit reveals an overcharge by SupplierGPI acknowledges that all Third Party GPI Auditors must not be a competitor of NTT DATA, and Supplier does not successfully dispute must enter into a confidentiality agreement with NTT DATA prior to conducting such audits, provided that NTT DATA acknowledges that such confidentiality agreement will be reasonable and have confidentiality terms no more stringent that the amount questioned by such audit, Supplier will promptly pay to NCR the amount confidentiality terms set forth in Section 13.2 (Confidentiality) of such overcharge, and Supplier shall promptly reimburse NCR for the actual cost of such audit (including auditors’ fees)this Agreement.

Operational Audits. Upon reasonable advance notice (and no longer Not more than 48 hours)once per Contract Year, during including the Audit Contract Year following the Term or the Termination Assistance Period, Supplier GPI or its authorized Third Party auditors (either, a “GPI Auditor”) may audit systems, processes and Pxxxx Systems Records of Pxxxx Systems and, subject to Section 14.6 below, of Pxxxx Systems’ subcontractors (including making copies of Pxxxx Systems Records) and inspect the Pxxxx Systems Service Locations in connection with all matters related to this Agreement, including, but not limited to Pxxxx Systems’ compliance with the terms, conditions and requirements of this Agreement; provided, that audits described in this section shall not include audits described in Section 14.4. GPI will provide Pxxxx Systems at least seven (7) days’ Notice of its intent to NCR (and internal and external auditors, inspectors, regulators and other representatives authorized by NCR that NCR conduct any such audit. Audits will be conducted during normal business hours. GPI Auditors may designate from time to time (collectively, “NCR Auditors”), access at reasonable business hours and at NCR’s expense, to Supplier Personnel, conduct audits in addition to the facilities at or from which Services are then being provided and to Supplier records and other pertinent information, all to the extent relevant to the Services and Supplier’s obligations under this Agreement. Such access may not be withheld for audits concerning NCR’s compliance with regulatory requirements and Supplier’s compliance with Legal Requirements. Such access is for the purpose of performing audits and inspections to one (1) ordinarily allowed if (a) verify the integrity of NCR Data, (b) examine audit reveals discrepancies between the systems that process, store, support and transmit that data (including system capacity, performance and utilization), (c) examine the internal controls (e.g., financial controls, human resources controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls) and the security, disaster recovery, business continuity and back-up practices and procedures, (d) examine Supplier’s performance status of the Services, (e) examine Supplier’s measurement, monitoring operations and management tools and (f) enable NCR to meet applicable legal, regulatory and contractual requirements. Supplier will (1) provide any assistance reasonably requested by NCR Auditors in conducting any such audit, including installing and operating audit software, (2) make requested personnel, records, and information available to NCR Auditors and (3) in all cases, provide such assistance, personnel, records and information in an expeditious manner to facilitate the timely completion of such audit. If an audit reveals a material breach of this Agreement, then, without limiting NCR’s other remedies under this Agreement, Supplier will promptly reimburse NCR for the actual cost of the auditor, including auditor’s fees. During the Audit Period, Supplier will (at all times subject to confidentiality requirements between Supplier and its vendors), pass through to NCR the same prices invoiced to Supplier by such vendors; provide to NCR auditors access at reasonable hours to Supplier Personnel and to Contract Records and other pertinent information to conduct financial audits to the extent relevant to the performance of Supplier’s Pxxxx Systems’ obligations under this Agreement and GPI reasonably determines that any such discrepancies could have an adverse impact on its business; or (b) GPI reasonably determines that an audit is warranted to (i) verify determine the accuracy and completeness cause for documented failures. The limitation on the number of Contract Recordsaudits hereunder will not apply to audits of Pxxxx Systems’ compliance with the Physical Security Guidelines or the Logical Security Guidelines, and (ii) verify GPI may audit Pxxxx Systems’ compliance with the accuracy and completeness Physical Security Guidelines or the Logical Security Guidelines at any time without the giving of Charges and Out-of-Pocket ExpensesNotice. If any such audit reveals an overcharge by SupplierGPI acknowledges that all Third Party GPI Auditors must not be a competitor of Pxxxx Systems, and Supplier does not successfully dispute must enter into a confidentiality agreement with Pxxxx Systems prior to conducting such audits, provided that Pxxxx Systems acknowledges that such confidentiality agreement will be reasonable and have confidentiality terms no more stringent that the amount questioned by such audit, Supplier will promptly pay to NCR the amount confidentiality terms set forth in Section 13.2 (Confidentiality) of such overcharge, and Supplier shall promptly reimburse NCR for the actual cost of such audit (including auditors’ fees)this Agreement.