Information Letter 08-14-1998
August 14, 1998
Mr. Robert C. Gerald
18 Ward Avenue
Staten Island, New York 10304
Dear Mr. Gerald:
This is in response to your most recent letter regarding the audit requirements under the Employee Retirement Income Security Act of 1974, as amended, (ERISA) for certain welfare benefit plans (i.e., health plans) which retain the services of third party administrators (TPAs). Our letters dated December 23, 1997, and January 13, 1998, as well as your telephone conversations with Eric Raps from my staff and Marcus Aaron from the Office of the Chief Accountant responded to your previous questions. Your latest inquiry appears to re-focus on the question of whether a TPA providing services to an ERISA-covered plan must hire its own accountant to examine its operations and render an opinion thereon. Our prior correspondence included an explanation of the Department's annual reporting limited exemptions for certain types of insured and unfunded plans. For simplicitys sake, we assume for purposes of this letter that your inquiry is with respect to a plan that is both required to file the Form 5500 Annual Return/Report of Employee Benefit Plan (Form 5500) and engage an independent qualified public accountant (IQPA) to conduct an examination of the financial statements and schedules of the plan.
Under ERISA section 103 and 29 CFR § 2520.103-1, the plan's IQPA is required to form an opinion on whether the plan's financial statements and schedules are presented in conformity with generally accepted accounting principles (GAAP) applied on a basis consistent with that of the preceding year. In addition, the examination must be conducted in accordance with generally accepted auditing standards (GAAS) and involve tests of the books and records of the plan as considered necessary by the IQPA. In order to conduct an audit of a plan in accordance with GAAS, the IQPA must obtain a sufficient understanding of the internal control structure necessary to arrange the audit and to determine the nature, timing, and extent of the audit procedures to be performed. To the extent that a plan uses a service organization, such as a TPA, to, for example, execute and record transactions, and process related data on behalf of the plan, the activities of the service organization may affect the plan's financial statements. Under these circumstances, it may be necessary for the plans IQPA to contact the TPA to obtain specific information about the TPA's internal control structure and/or visit the TPA to examine its internal controls for handling plan assets.
The American Institute of Certified Public Accountants (AICPA) has issued Statement on Auditing Standards 70 (SAS 70), Reports on the Processing of Transactions by Service Organizations. SAS 70 provides an alternative method for examining the internal controls of a service organization, including a TPA. Under this alternative method, a TPA may hire its own auditor to evaluate and report on its internal control structure. The report prepared by the TPAs auditor is then made available to the plan and the plan's IQPA who may use the report as a basis for evaluating the plans internal control structure. Thus, ERISA's annual reporting provisions do not require that a TPA hire its own auditor, however, a TPA, in order to facilitate the audit of a plan which uses that TPA, may choose to comply with SAS 70.
I hope this information is helpful to you. We would suggest that you contact an attorney or certified public accountant with specialized expertise in employee benefit matters to the extent that you need further individualized legal or accounting advice in this area.
John J. Canary
Chief, Division of Coverage, Reporting and Disclosure
Office of Regulations and Interpretations