Appendix A – Audit Criteria

Objective	Criteria*
1. To assess the adequacy of the management control framework.	The organization provides employees with the necessary training, tools, resources and information to support the discharge of their responsibilities. Oversight exists to monitor and provide assurance on the quality and due diligence in decision-making. Appropriate system application controls exist. Authority, responsibility and accountability are clear and communicated. Information shared with the third-party contractors is properly secured and in compliance with appropriate privacy rules.
2. To assess compliance with applicable policies and processes.	Records and information are maintained in accordance with policies and processes. Annual follow-up and Survivor Renewal forms are mailed to recipients three months prior to end of Benefit Arrangement. Attempts to contact recipient or representative by phone 30 days prior to end of Benefit Arrangement if form not received. Terminate/suspend recipient if unsuccessful in contacting recipient/representative.
3. To determine performance against the service standard.	Management has identified appropriate performance measures linked to planned results. Management monitors actual performance against planned results and adjusts course as needed. VIP recipients will be contacted at least once per year to ensure VIP is meeting their needs.

* Audit recommendations have been developed to address the gaps identified by the audit team. All other audit criteria were determined to be fully met or partially met with only minor deficiencies.