
Privacy of Data is Critical
- MSA hired its first Privacy Officer prior to IBM
- Recognized the need to protect privacy of 1994 Breast Cancer
Data prior to HIPAA regulations
- MSA formed a Review Board to develop privacy, confidentiality
and ethics policies for medical and other data
- Processing data from all major firms or organizations in a
given industry requires compliance with anti-trust regulations
- Privacy maintained for consumer data: surveys, scanner and
diary panel data
- The importance of privacy is ingrained in the MSA culture
- MSA has passed audits by ThreatGuard and by Carnegie Mellon
University (Dr. Steve Roehrig) indicating that MSA practices and
systems meet HIPAA requirements. Fritz Scheuren of the original
HIPAA committee has also approved MSA handling of medical data,
including claims processing
MSA Security of Data and Information Systems
- Security is part of the culture of MSA
- All employees and contractors are required to review security policies
- MSA provides all levels of Security
- 24x7 Physical Security of Facilities and Data Center
- MSA has used OpenVMS since its inception in 1977
- OpenVMS has never been hacked, has the highest security rating from the US Government, and the DoD has contracted for it to be maintained for the next 20 years
- Network Security
- MSA has not been negatively impacted by any virus or worm; every incoming email and
file is scanned
- Firewalls and appropriate routers in place
- A knowledgeable security staff on site and available 24x7
- MSA uses optical fiber, a medium that is robust and difficult to tap
- Multiple levels of security: systems, desktop, and file level
Risk Assessment and Management
- Ultimate criterion: Total risk exposure
- Goal: Optimal trade-off across risk reduction, mitigation (insurance) and optimization of business processes
- Consider all known sources of risk
- Business Continuity reduces risk and cost of Disaster Recovery shutdown
- MSA periodically assesses risk and modifies Business Continuity plan
- Planning reduced impact of a micro-burst at MSA’s offices in 2000
- Presented its approach to Business Continuity at an HP Global Conference Plenary Session, October 8, 2002
- Balance benefits of risk reduction and mitigation
- Chubb invited MSA to present its Triad Solution on lowering costs and risks of business disruption at a CEO/CFO Conference at the Duquesne Club, 1/14/04
Innovations for Corporate Control
Financial Audits
- The IFS Business Modeler coupled with MSA business practices
and hosting of ERP systems makes it possible to greatly increase
both the timeliness and quality of audit practices. Similar
solutions can also be implemented with other ERP software
systems
- The MSA/IFS solution can prevent fraud and assure rapid
detection by auditors unless there is explicit collusion by
management, ERP and accounting personnel
- In contrast, Sarbanes-Oxley requirements for certification
of financial statements require CEOs to attest to financial
results for which they do not have full control
- Costs can be reduced as the MSA/IFS solution automates
the design, documentation, review, approval and testing of a
company’s internal control framework required by Sarbanes-Oxley
Section 404 and other requirements
Quality Audits
- IFS/Quality Management meets the rigorous requirements of
SAE Aerospace Quality Standards and Biomedical Complex
Manufacturing and Document Management accommodating current
FDA Good Manufacturing Practices (cGMP)
- All quality related data in the supply chain and
manufacturing process is traceable
- MSA process control practices combined with IFS data
reporting systems provide analyses to help guide operators
when processes might be drifting out of control
Sarbanes-Oxley
- Sarbanes-Oxley improves transparency and accountability
in corporate accounting and is designed to strengthen the
confidence of equity investors in public companies.
- Requires by the end of 2004 that public companies in the
U.S., and foreign companies traded on U.S. exchanges, meet
internal controls for financial reporting, and other
requirements.
- Since 2004 is the Year of Internal Control, companies recognize
their need to meet Sarbanes-Oxley requirements by leveraging
their ERP.
- MSA is working with clients that have major ERP systems
that provide multi-level security features, facilitating the
segregation of duties required for effective internal controls,
and that provide the ability to track transactional details.
Section 404 Requirements
- Companies are focusing their attention on internal controls
and documentation of business processes.
- Section 404 requires corporate management to assess, and
independent auditors to attest to, the internal controls of
public corporations.
- MSA is utilizing business process modeling to provide
independent and internal auditors with a visual road map of
business processes, and placement of checks and balances to
support internal controls.
- These tools, along with MSA's internally developed reports,
are structured to provide the support needed to efficiently
conduct substantive testing by auditors.
- The business modeling outputs and MSA developed reports
aid management's compliance with Sarbanes-Oxley Section 404
requirements.
Section 302 and 409 Requirements
- Business performance tools enable management to review
financial results at their desktop.
- Section 302 requires the Corporate CEO and CFO to certify
that financial reports fairly present a company’s financial
condition, operations and cash flows.
- Management can drill down through the system to review
the source details, allowing greater reliance that the financial
statements do not contain material misstatements and that they
fairly present the company's financial position and
results of operations.
- Section 409 requires each company to disclose to the public
on a rapid and current basis material changes in the financial
condition or operations of the firm.
- MSA builds upon ERP systems to enable companies to achieve
real-time monitoring of key financial and operational metrics
to meet the above requirements.