French Posted January 2, 2008 Posted January 2, 2008 For the past few years, our audit firm (one of the big 4) has performed an annual ERISA claim audit for our self-insured plan on-site at the TPA. For 2008 we have changed to a new TPA. As part of our contract discussion, we wanted to include specific language addressing this. According to the TPA, this is not standard with their other accounts. Is the audit firm (which we have also changed for 2008) following a specific guideline or just being overly vigilant?
david rigby Posted January 2, 2008 Posted January 2, 2008 Is this a joke? Is the TPA attempting to tell the audit firm how (or whether) to do the audit? I'm a retirement actuary. Nothing about my comments is intended or should be construed as investment, tax, legal or accounting advice. Occasionally, but not all the time, it might be reasonable to interpret my comments as actuarial or consulting advice.
French Posted January 2, 2008 Author Posted January 2, 2008 No this is no joke. The TPA is a very large insurance carrier and believes that the reports they provide are sufficient for an ERISA audit.
Guest Dell Posted January 3, 2008 Posted January 3, 2008 It sounds like the former TPA did not have an acceptable SAS 70 report and the auditor was not able to reduce control risk below the maximum with alternative procedures. In that case, the auditor is generally forced to perform procedures at the TPA. The new TPA does not sound very credible on this unless they are providing an acceptable SAS 70 Type II report. Even with that, the auditor may still have to question the TPA in order to gain an understanding of the controls in place at the TPA. If the TPA cannot provide an acceptable SAS 70 type II report, auditors are generally going to be performing procedures on-site at the TPA. I would be careful around TPA's that say "no other auditors ever request this".
French Posted January 4, 2008 Author Posted January 4, 2008 It is a possibility that the SAS70 from our former TPA was the reason. Are there any audit guidelines that I could use as reference for our new TPA and/or is it just SOP based on the SAS 70?
Guest Dell Posted January 7, 2008 Posted January 7, 2008 You should refer to the Audit Guide for employee benefot plans. Just quickly - from paragraph 6-14: "If the user auditor concludes that the available information is not adequateto obtain a sufficient understanding of the service organization's controls to plan the audit, the user auditor may consider contacting the service organization through the user organization, to obtain specific information or request that a service auditor be engaged to perform procedures at the service organization." There is a lot more. Talk to your auditor, they are the ones that should be giving you cites to back up their requests.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now