Using a SOC 1 Report in Audits of Employee Benefit Plans

It is common for an employee benefit plan administrator to use a third-party administrator or service organization to process certain transactions on behalf of the employee benefit plan. SOC 1 reports assist user auditors in obtaining an understanding of the user entity, including its internal control. In addition, the SOC 1 report provides information to user auditors for the purposes of planning and performing an audit of a user entity's financial statements.

This practice aid addresses how a SOC 1 report should be considered in the audit of an employee benefit plan and which audit procedures should be applied to the information in the SOC 1 report.

This practice aid provides tools to help you in your audit of employee benefit plans such as:
• Audit Program: Auditing the Financial Statements of an Employee Benefit Plan That Uses a Service Organization
• Planning Checklist for Audits of Employee Benefit Plans That Use a Service Organization
• Documentation of Use of a Type 2 Service Auditor's Report in an Audit of an Employee Benefit Plan's Financial Statements

New guidance that is particularly significant to this practice aid includes:
• AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
• AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization
• ASB Clarity Project (through SAS 127)