Welcome to an ERISA sunscreen moment!
Internal controls related to an employee benefit plan deal with the activities of two source categories:
- Activities of the plan sponsor, related to the Plan and
- Activities of outside service providers, such as trust companies, third party administrators, insurance companies and payroll companies
It’s important to understand that the Plan sponsor fiduciary has overall responsibility for the actions of the plan’s outside services providers, since they hired these providers to perform services for the Plan.
One way to help meet this responsibility is to obtain, review and evaluate the services provider’s service organization control report, the most common of which is referred to as a SOC 1 report.
There are many considerations that Plans and auditors alike consider, when evaluating a SOC 1 report, but this week’s sunscreen moment will deal with one consideration: Are you getting the right “type” of SOC 1 report?
Watch this two-minute video to learn more.