ERISA & DOL
What is the mission of ERISA?
EBSA’s mission is to ensure the security of the retirement, health, and other workplace-related benefits of America’s workers and their families
Who is the Plan Sponsor?
The employer sponsoring the employee benefit plan
What are internal controls?
Approvals, reviews, and reconciliations are all examples of this.
What is a SOC 1 report?
This type of SOC report is used to evaluate internal controls at a service organization that affects financial reporting.
What is an Adoption Agreement?
Defines the provisions of the Plan
What does the DOL do?
This agency enforces ERISA rules.
Who is the TPA (third party Administrator)?
An outside entity that assists in the administration of the plan. This entity will often provide assistance with compliance matters
What is segregation of duties?
This control prevents one person from having too much access.
What is a SOC 2 report?
This SOC report focuses on controls related to the privacy of personal information handled by a service organization.
What is an eligibility error?
This error involves not enrolling employees on time.
Who are fiduciaries?
These individuals have legal responsibility over the plan.
What is the difference between an elective deferral and a match?
Elective deferral is how much the participant is contributing and the employer can match this (usually up to a certain %).
What are IT controls?
Processes, policies, and tools that help ensure data security, integrity, and proper operation of information systems used in administering the plan.
What is SSAE 18?
The current attestation standard used to conduct SOC examinations, which succeeded SSAE 16, is called this.
What is a contribution remittance error?
A mismatch between payroll records and contributions may reveal this issue.
What are the minimum standards set by ERISA?
Plan participation, vesting, benefit accrual, and benefit funding
What is a vested balance?
The portion of an employee’s account that they fully own and can take with them
What is the difference between a key control and a walkthrough?
The key control is the control being tested and the walkthrough is how we test it to ensure it is in place and operating effectively.
GIVE EXAMPLE
Name 2 of the 4 sections in a SOC report
Normally comprised of four sections:
– Service auditor report and management assertions
– Description of controls
– Testing of controls
– Complimentary User Entity Controls (CUECs)
What are full-scope and limited-scope audits?
These two types of audits are commonly referred to in EBP audits. Limited scope now called ERISA Section 103(a)(3)(c). Full scope audits require more work related to investments.
When was ERISA established?
September 2, 1974
What is a Summary Plan Description (SPD)?
This document summarizes how the plan works and must be provided to participants.
What is the process of conducting a walkthrough?
Depends on the specific walkthrough, but involves talking with the client to determine the process and then ensuring that process is not only in place but is also operating effectively.
GIVE EXAMPLE
What happens if you can't get a SOC report?
Must find another way to evaluate the internal controls at the service organization
Name the 5 audit assertions
1. Existence or Occurrence
2. Completeness or Cutoff
3. Rights and Obligations
4. Accuracy or Classification
5. Valuation and Allocation