SAS 70 and Third Party Administrators (TPA) | Important Information
Many Third Party Administrators (TPA) are going through the rigorous SAS 70 process in today’s heightened regulatory compliance arena. From Sarbanes-Oxley to HIPAA, corporate governance and the calls for greater controls and inquiries into a TPA’s daily operations are louder than ever. Many small and medium-sized TPA organizations, of which there are many, comment on the overall frustrations of a SAS 70 audit, stating that they are expensive, time consuming, and typically are done by an auditing firm with little or no experience with regard to their actual business model. As a SAS 70 auditor for many years and working for a firm that specializes in SAS 70 audits on TPA organizations, this is uncomfortable news, to say the least. The audit should not be considered an expensive, painful process. Rather, it should be looked upon as a helpful tool for building a strong system of internal controls, while also serving as a great marketing tool for your TPA. Last and surely not least, the SAS 70 should effectively display to your plan sponsors, current clients, and other interested parties that your TPA has a strong control environment, complete with adequate safeguards for all activities that are carried out on a daily basis.
Now, as for finding a firm with expertise, that sometimes can be a challenge, so I recommend you ask a series of questions to help ensure you pick the right firm for the SAS 70 Type I or Type II audit. The following questions, if answered correctly, should calm any fears about whether you have found the right firm or not:
1. How many Third Party Administrator (TPA) entities have you issued a SAS 70 for?
2. Specifically, what is your working knowledge of the different types of TPAs, such as property & casualty TPAs, self-funded medical TPAs, along with a TPA’s computer and software systems, etc.?
3. Do you have a set of SAS 70 readiness questionnaires specifically tailored towards a TPA to help my organization prepare for the SAS 70 audit?
4. Can you provide me with a SAS 70 sample report of a TPA?
If they can answer yes to these questions, you’ve found the right firm. If not, move on and keep looking for a SAS 70 provider that truly knows your industry.
