Audit Services .vs. TPA Services

[JMP]

Can the same accounting firm have an Audit & Assurance Service line that provides Audit Support to Larger 401(k) Plans, the financials etc. and also have a TPA Service Line perform the TPA services for those same client?   Different Service Lines, different employees, but same Firm.

I hear mixed comments on this all the time, so I'm curious what this board has to say about it?

[ESOP Guy]

The one and only time I worked for a CPA firm that did TPA work through a subsidiary they never did both.   The closest I saw was we would prepare the Form 5500, 8955-SSA and SAR for a plan they did the plan audit.

 

It was my understanding it was the CPA rules for independence that was the issue not any kind of TPA ethics rules.   But I can't quote anything even though I am a CPA.   I just wasn't involved with those independence questions by management at the CPA firm. 

[JMP]

ESOP Guy - THIS IS EXACTLY HOW I UNDERSTAND IT AS WELL.....It worries me to hear firms are performing both full services to the same client.

[MoJo]

Bad idea.  The "audit" function audits controls - which may include processes handled by the TPA.  It's a quick way to permanently lose your authorization to conduct audit services (and the DOL is looking hard at audit firms right now).

[JMP]

MOJO  - how do you know the DOL is looking hard at Audit Firms right now?  Meaning more than Peer Review, etc.?

[Larry Starr]

8 minutes ago, JMP said:

MOJO  - how do you know the DOL is looking hard at Audit Firms right now?  Meaning more than Peer Review, etc.?

They've said so. And I've seen it reported in a number of the accounting feeds I get (being an enrolled agent they think of me as an accountant, just not a CPA).

[MoJo]

1 hour ago, JMP said:

MOJO  - how do you know the DOL is looking hard at Audit Firms right now?  Meaning more than Peer Review, etc.?

What Larry said.  The DOL has publicized their initiative to review the "quality of audit work" and have actually barred a handful of firms from being able to audit plans going forward.  It has been a topic of a variety of CPA organizations, as well (as Larry has said).  I have friend/professional contacts in that field -and it is something that those with a specialty in have been capitalizing on (taking business from those not so specialized).

[Bill Presson]

I believe it to be technically possible, but not recommended. Depends on whether the TPA is performing the "recordkeeping."

As I said, I don't recommend it.

[CuseFan]

Sarbanes-Oxley (the Enron law) provides the limits/requirements concerning other/non-audit services that a company's auditors can perform. 

Issues arise when the firm is auditing numbers that go on financial statements that it generated, resulting in auditing their own work.

Standards may be different for public and private companies, and plan audits versus corporate audits, but this is a professionalism/ethics issue to be explored by the auditors within the respective firm, not the TPAs.

[austin3515]

I honestly find it extremely hard to believe that is happening.  It is as bad as it gets for an auditor to do the TPA work.  Completely and utterly forbidden.  Auditors require ethics training etc every year where they drill into the fiber of their being "thou shalt not audit thine own work."  Independence is the WHOLE POINT of auditing.  I suppose some small shop that audits 3 plans and does no other audit work might be making this stupid mistake, but not even a regional firm would be so... well, stupid.  They would lose their license in a heartbeat if that ever came to light.   

[David Schultz]

I am also formerly of a CPA firm that had a TPA and while I cannot cite any authority (I am an attorney not a CPA and didn't research), I know that my firm had determined that it was a violation of the independence standards (under AICPA guidelines and SOX, I believe) for the CPA firm to audit plans for which we were recordkeeper or TPA.  At a very minimum, I would consider this to be a bad signal/red flag regarding the ethical standards maintained by the firm that would agree to do both.

[RatherBeGolfing]

1 hour ago, David Schultz said:

I am also formerly of a CPA firm that had a TPA and while I cannot cite any authority (I am an attorney not a CPA and didn't research), I know that my firm had determined that it was a violation of the independence standards (under AICPA guidelines and SOX, I believe) for the CPA firm to audit plans for which we were recordkeeper or TPA.  At a very minimum, I would consider this to be a bad signal/red flag regarding the ethical standards maintained by the firm that would agree to do both.

I had a conversion with one of the auditors from a very big plan audit firm earlier this.  He recalled that AICPA stopped short of actually saying that it violated its independence standards due to some heavy lobbying from at least one firm with plenty of influence.  Not sure how accurate that is though.

[Peter Gulia]

I’ve heard some argue the other service might not impair an auditor’s independence, at least for self-review threats, if the other service is non-discretionary.

 

Here’s a quotation from an AICPA interpretation:

 

1.295.115      Benefit Plan Administration

.01  When a member provides benefit plan administration services to an attest client, self-review and management participation threats to the member’s compliance with the “Independence Rule” [1.200.001] may exist.

 

.02  Notwithstanding the conclusions reached in paragraph .03 of this interpretation, a member should comply with the more restrictive independence provisions of the Employee Retirement Income Security Act (ERISA) of 1974 and DOL regulations when performing audits of employee benefit plans subject to those regulations.

 

.03  If the member applies the “General Requirements for Performing Nonattest Services” interpretation [1.295.040] of the “Independence Rule” [1.200.001], threats would be at an acceptable level and independence would not be impaired.  For example, the member may

 

a.     communicate summary plan data to a plan trustee.

b.    advise management regarding the application and impact of provisions in a plan document.

c.     process certain transactions that have been initiated by plan participations [sic] or approved by the plan administrators using the member’s electronic media, such as an interactive voice response system or Internet connection or other media.  Such transactions may include processing investment or benefit elections, changes in contributions to the plan, data entry, participant confirmations, and distributions and loans.

d.    prepare account valuations for plan participants using data collected through the member’s electronic or other media.

e.     prepare and transmit participant statements to plan participants based on data collected through the member’s electronic or other media.

 

.04  However, threats to compliance with the “Independence Rule” [1.200.001] would not be at an acceptable level, and could not be reduced to an acceptable level by the application of safeguards, and independence would be impaired if, for example, a member

 

a.     makes policy decisions on behalf of management.

b.    interprets the provisions in a plan document for a plan participant on behalf of management without first obtaining management’s concurrence.

c.     makes disbursements on behalf of the plan.

d.    has custody of the plan’s assets. 

e.     serves in a fiduciary capacity, as defined by ERISA.  [Prior reference: paragraph .05 of ET section 101]

 

Yet, a plan’s administrator must meet ERISA § 103’s command to engage an independent qualified public accountant, and must do so meeting fiduciary responsibilities under ERISA § 404 and other law.  In meeting those responsibilities, it can’t be prudent to get legal advice from a nonlawyer.

[austin3515]

Just to be clear for the casual reader ".03" does not apply to this question.  An audit is by definition an "attest" service.  Basically what it means is the auditor is "attesting" to the fact that the financial statements are free of material misstatement.  Anything with an "opinion" page is the result of an "attest" service.

[Peter Gulia]

I’m not saying anything is right.  Only that I’ve heard some CPAs argue that a non-attest TPA service was limited enough to not impair the firm’s independence for the attest service of an IQPA audit of the retirement plan’s financial statements.  When I heard it, no one was asking for my advice.

 

In my experience, the problem of the same firm seeking to serve as TPA and IQPA happens when the plan’s administrator is unadvised, and its decision-maker does not question the accounting firm’s independence.

 

That problem isn’t helped by the fact that there is no “DOL Regulation”.  The 1975 interpretive bulletin reprinted at 29 C.F.R. § 2509.75-9 is not a rule or regulation.

 

[austin3515]

People can often find a way to justify why its ok for them make more money :).

[ERISAtwin74]

My last employer was a CPA firm.  I worked in the TPA division.  We had a handful of plans that we were both the auditor and TPA.  The compliance department confirmed that because of independence, this was permitted, as long as we weren't also the recordkeeper.  The TPA division was titled "....Benefit Consultants" while the accounting division was "..., CPAs".  We were the same company, but were run differently.  I questioned it when I first started because they wanted me to work on business development but was told that it had run through our compliance group.  They are very big on compliance, independence, security, etc. 

[austin3515]

As the saying goes, it doesn't matter till it matters.  Meaning when you get sued the first and obvious conclusion is that the problem was you wore both hats.  In other words if your moral compass doesn't rule it out, your fear of giving your legal adversary low hanging fruit should do the trick.

[Bill Presson]

3 hours ago, ERISAtwin74 said:

My last employer was a CPA firm.  I worked in the TPA division.  We had a handful of plans that we were both the auditor and TPA.  The compliance department confirmed that because of independence, this was permitted, as long as we weren't also the recordkeeper.  The TPA division was titled "....Benefit Consultants" while the accounting division was "..., CPAs".  We were the same company, but were run differently.  I questioned it when I first started because they wanted me to work on business development but was told that it had run through our compliance group.  They are very big on compliance, independence, security, etc. 

Sounds vaguely familiar... ?

[RatherBeGolfing]

2 minutes ago, Bill Presson said:

Sounds vaguely familiar... ?

LOL yea I had a pretty good idea based on the description....

[ERISAtwin74]

On 5/15/2020 at 1:46 PM, Bill Presson said:

Sounds vaguely familiar... ?

You know it!