The Center has compiled tools and resources to assist members in their consideration of internal control in their EBP financial statement audits.
Examples of Internal Control Communications for Employee Benefit Plans
This non-authoritative document was prepared to assist Center members in preparing internal control communications to their employee benefit plan clients.
Documentation of Use of a Type 2 Service Auditor’s Report in an Audit of an Employee Benefit Plan’s Financial Statements
The tool is intended to assist members in documenting procedures and findings related to controls at a service organization that are likely to be relevant to the employee benefit plan’s internal control over financial reporting. It focuses on the user auditor’s use of a type 2 report.
EBPAQC Plan Advisories
The Importance of Internal Controls in Financial Reporting and Safeguarding Plan Assets
Effective controls reduce the risk of asset loss and help ensure that plan information is complete and accurate, financial statements are reliable, and laws and regulations are complied with.
Effective Monitoring of Outsourced Plan Recordkeeping and Reporting Functions
Hiring a service organization to perform plan administration services is a fiduciary function and, as such, plan administrators are required to periodically monitor their service organizations to ensure they are performing the agreed-upon services.
AU-C sec. 265, Communicating Internal Control Related Matters Identified in an Audit
This section addresses the auditor’s responsibility to appropriately communicate to those charged with governance and management deficiencies in internal control that the auditor has identified in an audit of financial statements.
AU-C sec. 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
This section addresses the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements through understanding the entity and its environment, including the entity’s internal control.
AU-C sec. 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
This section addresses the auditor’s responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with AU-C section 315 and to evaluate the audit evidence obtained in an audit of financial statements.
AU-C sec. 402, Audit Considerations Relating to an Entity Using a Service Organization
This section addresses the user auditor’s responsibility for obtaining sufficient appropriate audit evidence in an audit of the financial statements of a user entity that uses one or more service organizations.
AU-C Sec. 240, Consideration of Fraud in a Financial Statement Audit
This section addresses the auditor’s responsibilities relating to fraud in an audit of financial statements, including management override of controls.
Employee Benefit Plans: Audit and Accounting Guide
The Guide contains guidance regarding the auditor’s consideration of internal control in an employee benefit financial statement audit.
Practice Aid -- Using an SSAE No. 16 Service Auditor's Report (SOC 1 Report) in Audits of Employee Benefit Plans
This practice aid provides auditors with guidance when auditing the financial statements of an employee benefit plan that uses a service organization. It addresses how a SOC 1 report should be considered in the audit of an employee benefit plan and which audit procedures should be applied to the information in the SOC 1 report. It includes practice tools such as an audit program and planning checklist for plans that use a service organization.