OFFICER AND CHIEF FINANCIAL OFFICER CERTIFICATION Pursuant to Section 6(b) and 6(c) of the Agreement, the undersigned Chief Executive Officer and Chief Fiscal Officer of the Recipient, as both are designated in Appendix B of the Agreement, hereby request the Director to disburse financial assistance moneys made available to Project in Appendix C of the Agreement (inclusive of any amendment thereto) to the payee as identified below in the amount so indicated which amount equals the product of the Disbursement Ratio and the dollar value of the attached cost documentation which was properly billed to the Recipient in exclusive connection with the performance of the Project, or, in the case of a final disbursement request, the amount entered at Line V of this Appendix E. The undersigned further certify that:
EEO Officer The contractor will designate and make known to the contracting officers an EEO Officer who will have the responsibility for and must be capable of effectively administering and promoting an active EEO program and who must be assigned adequate authority and responsibility to do so.
Compliance Officer and Chief Executive Officer The Implementation Report and each Annual Report shall include a certification by the Compliance Officer and Chief Executive Officer that:
CHIEF EXECUTIVE OFFICER AND CHIEF FINANCIAL OFFICER CERTIFICATION The undersigned Chief Executive Officer and Chief Fiscal Officer of the Recipient, as both are designated in Appendix B of the Agreement, hereby request the Director to disburse financial assistance moneys made available to Project in Appendix C of the Agreement (inclusive of any amendment thereto) to the payee as identified below in the amount so indicated which amount equals the product of the Disbursement Ratio and the dollar value of the attached cost documentation which was properly billed to the Recipient in exclusive connection with the performance of the Project. The undersigned further certify that:
Audit Controls P. Contractor agrees to an annual system security review by the County to assure that systems processing and/or storing Medi-Cal PII are secure. This includes audits and keeping records for a period of at least three (3) years. A routine procedure for system review to catch unauthorized access to Medi-Cal PII shall be established by the Contractor.
Accounting Controls The Company and its Subsidiaries maintain systems of “internal control over financial reporting” (as defined under Rules 13a-15 and 15d-15 under the Exchange Act Regulations) that comply with the requirements of the Exchange Act and have been designed by, or under the supervision of, their respective principal executive and principal financial officers, or persons performing similar functions, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP, including, but not limited to, internal accounting controls sufficient to provide reasonable assurance that (i) transactions are executed in accordance with management’s general or specific authorizations; (ii) transactions are recorded as necessary to permit preparation of financial statements in conformity with GAAP and to maintain asset accountability; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences. Except as disclosed in the Registration Statement, the Pricing Disclosure Package and the Prospectus, the Company is not aware of any material weaknesses in its internal controls. The Company’s auditors and the Audit Committee of the Board of Directors of the Company have been advised of: (i) all significant deficiencies and material weaknesses in the design or operation of internal controls over financial reporting which are known to the Company’s management and that have adversely affected or are reasonably likely to adversely affect the Company’ ability to record, process, summarize and report financial information; and (ii) any fraud known to the Company’s management, whether or not material, that involves management or other employees who have a significant role in the Company’s internal controls over financial reporting.
Personnel Controls The County Department/Agency agrees to advise County Workers who have access to Pll, of the confidentiality of the information, the safeguards required to protect the information, and the civil and criminal sanctions for non- compliance contained in applicable federal and state laws. For that purpose, the County Department/Agency shall implement the following personnel controls:
Compliance Officer The Contractor shall employ a Compliance Officer who is accountable to the Contractor’s executive leadership and dedicated full-time to the Contractor’s Indiana Medicaid product lines. This individual will be the primary liaison with the State (or its designees) to facilitate communications between OMPP, the State’s contractors and the Contractor’s executive leadership and staff. This individual shall maintain a current knowledge of federal and state legislation, legislative initiatives and regulations that may impact the Hoosier Healthwise program. It is the responsibility of the Compliance Officer to coordinate reporting to the State as defined in Section 9 and to review the timeliness, accuracy and completeness of reports and data submissions to the State. The Compliance Officer, in close coordination with other key staff, has primary responsibility for ensuring all Contractor functions are in compliance with the terms of the Contract. The Compliance Officer shall meet with the OMPP Surveillance and Utilization Review Unit (SUR) on a quarterly basis.
Human and Financial Resources to Implement Safeguards Requirements 6. The Borrower shall make available necessary budgetary and human resources to fully implement the EMP and the RP.
Data Controller The Sponsor shall be the data controller for such personal data except that, if Quintiles deals with any personal data under this Agreement in the manner of a data controller, Quintiles shall be the data controller of such personal data to the extent of such dealings. Quintiles may process "personal data", as defined in the applicable data protection legislation enacted under the same or equivalent/similar national legislation (collectively "Data Protection Legislation"), of the Investigator and Study Staff for study-related purposes and all such processing will be carried out in accordance with the Data Protection Legislation. 6.4
