SOX Audit 2020 Report Conclusion/Rating Project Processes Start

SOX Audit 2020 Report Conclusion/Rating Project Processes Start Date July 1, 2019 PRIVATE & CONFIDENTIAL Not Approved for Distribution Without Prior Approval Project Target Completion June 30, 2020 SOX Audit 2020 Report Generated on February 11, 2020 1

Results Overall Assurance Conclusion/Rating 54% Deficiency by Severity PRIVATE & CONFIDENTIAL Not Approved for Distribution Without Prior Approval Deficiency by Owner SOX Audit 2020 Report Generated on February 11, 2020 2

Deficiency Severity by Owner PRIVATE & CONFIDENTIAL Not Approved for Distribution Without Prior Approval SOX Audit 2020 Report Generated on February 11, 2020 3

9 instances of MCC Code violations found Business Processes: Procurement Owner: Owner: [email protected] Executive Owner: Deficiency Information Overall Status Severity Open Medium Date Identified Remediation Deadline Remediation Status January 22, 2020 February 20, 2020 Opened PRIVATE & CONFIDENTIAL Not Approved for Distribution Without Prior Approval Escalation Level SOX Audit 2020 Report Generated on February 11, 2020 4

SLA Missing in Two Third Party Contracts Business Processes: Information Technology General Controls Owner: Owner: [email protected] Executive Owner: Deficiency Information Overall Status Severity Open Medium Date Identified Remediation Deadline January 22, 2020 March 31, 2020 PRIVATE & CONFIDENTIAL Not Approved for Distribution Without Prior Approval Escalation Level Remediation Status SOX Audit 2020 Report Generated on February 11, 2020 5

2 related party transactions found Business Processes: Procurement Owner: Owner: [email protected] Executive Owner: Deficiency Information Overall Status Severity Open Medium Date Identified Remediation Deadline Remediation Status January 22, 2020 February 28, 2020 Opened PRIVATE & CONFIDENTIAL Not Approved for Distribution Without Prior Approval Escalation Level SOX Audit 2020 Report Generated on February 11, 2020 6