SOC 1 Reports: How Can They Benefit Your ERISA Plan?

SSAE 16 or SOC reports are typically used by auditors in order to support tasks that have been outsourced by their clients.  However, these reports, which document the controls and results of control testing at a service organization, can be utilized by plan administrators to enhance existing controls and mitigate risks surrounding their ERISA plans.  While these services have been outsourced, plan administrators still have a fiduciary duty to all plan participants to establish effective controls over these functions in order to protect plan assets.  Specifically, an entity will want to utilize a SOC 1 or 2 report.  By obtaining and reading these reports, plan administrators can:

  • Learn about the various controls in place at a service organization and if those controls are operating effectively
  • Assess the risk of gaps occurring between the controls in place at the service organization and the controls in place at their company
  • Determine complimentary controls needed at the company level to mitigate existing risk or to eliminate gaps in controls
  • Gain insight into any potential fraud exposure that an entity may be exposed to by the service organization

By obtaining and reviewing these reports on an annual basis, plan administrators can ensure that it is proactively analyzing risk and adjusting controls when necessary to mitigate risks.  If you have any questions regarding SOC reports, please contact a member of the Schneider Downs team for more information.

© 2014 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

403(b) Universal Availability Requirements under Scrutiny by IRS
ERISA and Non-ERISA, Options for Owners
Benefits, ERISA BY Lara Fuller
The Final Issuance of SAS 136
Cybersecurity & Employee Benefit Plans
ERISA BY Brian Reitz
Bad Fiduciary. What’s it Going to Cost You?
Audit, ERISA BY Joshua Zimmerly
Benefit Plan Audit by Infomercial

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102