Find Your Industry

Helping a TPA achieve SAS 70 Third Party Administrator Certification

As the regulatory compliance drum continues to beat louder, TPA's requiring SAS 70 Type I or Type II compliance are looking for helpful tips and answers when preparing for a Statement on Auditing Standards No. 70 audit. SAS 70 compliance can be a financial and time-consuming burden if not managed effectively. As such, a TPA should implement a SAS 70 roadmap for compliance, hopefully mitigating and eliminating many unnecessary pitfalls during the audit process. Additionally, gaining an understanding of the history and overview, along with other important facts on SAS 70 will better prepare service organizations once the audit process begins.

Take note, as the following activities should be undertaken the moment when the SAS 70 third party administrator certification process officially begins.

It all starts with a Request for Proposal (RFP)

A TPA needs to be prepared in spending considerable time finding a qualified CPA firm to conduct the audit. An RFP should be utilized and given to select firms after a broad search has been done. A good idea is to probably send out RFP’s to no more than three or four firms, simply based on the fact that the time and efforts required to review their answers can also be a time consuming adventure. When they are complete, examine the contents of each RFP for ensuring the firm has answered all questions and provided you with sufficient information for their consideration. Firms that ignore or do not answers questions fully could be leaving out information potentially or are simply not taking the time to answer the RFP in a thoughtful, complete manner. Either way, these are firms that should not be up for consideration.

Once the firm has been chosen, its time to coordinate a lengthy list of items that need to be undertaken for audit preparation. First and foremost, take time to meet the engagement team conducting the audit, inquiring more of their skill sets, auditing methodologies, and overall expectations of the audit.

Spend considerable amount of time scoping the audit for ensuring that an effective ERISA Compliance plan is in place regarding fiduciary responsibilities from plan sponsors. It's communication that is the key for all parties involved when undertaking a SAS 70 Type I or Type II audit.