AICPA Testimony to ERISA Advisory Council on Outsourcing Flags Trouble Spots, Recommends Best Practices

September 25, 2014

The American Institute of CPAs (AICPA) Employee Benefit Plan Audit Quality Center (EBPAQC) Executive Committee submitted written testimony to the ERISA Advisory Council for its hearings examining the outsourcing of employee benefit plan services.  The EBPAQC’s testimony focused on trends auditors are seeing in the outsourcing of employee benefit plan services, noted problems related to monitoring service providers and recommended best practices for selecting and monitoring service providers that affect the plan’s financial reporting.

The August 19 testimony applauded the Council for holding the hearings as part of the Council’s plan to make recommendations to the U.S. Secretary of Labor related to outsourcing of services.  The testimony emphasized the importance of the Council including recommendations pertaining to the selecting and monitoring of service providers because effective selection and monitoring helps ensure the plan sponsor is meeting its fiduciary responsibilities.

“Generally sponsors appear to be maintaining control over strategy (e.g., roles/responsibilities, investment strategy, asset allocation), but many seem to be moving to outsource investment management as well as administration and implementation,” the EBPAQC testimony stated.

“Based on our experience, standards are lacking with respect to monitoring outsourced service providers, including identification of performance standards, benchmarking of costs and mitigating conflicts of interest.  We see many situations in which monitoring is not done regularly and in a systematic, prudent manner,” the EBPAQC testimony added.

The testimony identified the following best practices that plan sponsors should employ when monitoring service organizations:

  • Reading any reports they provide, including Service Organization Control (SOC 1SM ) reports;
  • Putting user controls in place and monitoring them on a regular basis;
  • Reviewing the service provider’s performance;
  • Asking about policies and practices;
  • Checking actual fees charged, and
  • Following up on participant complaints.

Furthermore, the testimony stated, depending on the size and complexity of the plan(s) involved, it may be appropriate to contact the service provider as often as daily, weekly, monthly, or quarterly, but no less frequently than annually. 

Outsourcing Best Practices

The testimony also recommended a number of best practices to follow when plan sponsors are considering the outsourcing of employee benefit plan services, including:

  • The ability of the plan sponsor/administrator to access data maintained by the service provider on both a daily and annual basis;
  • The service provider obtaining a SOC 1 report;
  • Whether the service organization hired to prepare the plan’s financial statements will provide the plan sponsor with the support they need to understand those financial statements;
  • Whether the service agreement between the plan sponsor and the service provider is complete and provides adequate protections for the plan; and
  • Certain financial and control measures in the third-party service provider contract.