Employee benefit plans: SOC 1 reports and service organizations resource center
Most employee benefit plans use service organizations (e.g., bank trustees, insurance companies or benefits administrators) to process transactions and maintain plan records. Often Service Organization Control Reports® (formerly known as SAS 70 reports) are obtained and used by the auditor to understand the controls at the service organization and potentially reduce the amount of substantive testing required. The Center has compiled the following resources to assist employee benefit plan auditors in effectively using SOC 1 reports in their employee benefit plan audits.
Center Tools and Resources
Professional Standards
This standard provides guidance on the factors an independent auditor should consider when auditing the financial statements of an entity that uses a service organization to process certain transactions.
This standard addresses examination engagements undertaken by a service auditor to report on controls at organizations that provide services to user entities when those controls are likely to be relevant.
The AICPA has compiled resources and tools related to SOC reports, including guides, resources, publications, webcasts and articles.
A & A Resource Centers
Employee Benefit Plan Audit Quality Center
The Center is a voluntary membership organization for firms that perform or are interested in performing ERISA employee benefit plan audits.