TPApril Posted Friday at 06:15 PM Posted Friday at 06:15 PM Very small TPA firm - a SOC Report has been requested. I'm curious if other small TPA firms have audits or documentation of their processes/systems prepared for them?
Pam Shoup Posted Monday at 09:50 PM Posted Monday at 09:50 PM It would depend upon the nature of the services being performed by the TPA. If they are strictly providing plan document, plan testing and 5500 services, then I am not sure what the value of the SOC 1 would be to the auditor. The auditor is basically going to be re-performing those functions as part the audit and not relying on anything in a SOC 1 report. If the TPA firm is providing recordkeeping services or somehow has authority to authorize plan transactions, then a SOC 1 would allow some reliance from the auditing firm on the SOC 1 report, and they would not have to re-perform every transaction in the plan. I would ask the recordkeeper for their SOC 1 & 2 report and provide a copy to the auditor. The auditor could also be asking you for your SOC 2 report. I would clarify with them what they need. Peter Gulia 1 Pamela L. Shoup CEBS, RPA, QKA
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now