NDNB provides fixed-fee SOC 1 SSAE 18 Type 1 and Type 2 audit reports for plan administrators for retirement/pension funds. Each year, billions of dollars are collected and distributed through various plan administrators throughout North America – a complex web of financial transactions that meet certain criteria for ensuring the confidentiality, integrity, and availability (CIA) of such activities.

Enter SOC 1 SSAE 18 reporting, the most widely recognized auditing mechanism for assessing controls – and their operating effectiveness – for plan administrators for retirement/pension funds.

SOC 1 Experts for Plan Administrators for Retirement/Pension Funds

NDNB has been successfully auditing plan administrators for retirement/pension funds for years, beginning with the now historical SAS 70 auditing standard (issued in 1992), up until the current SOC 1 SSAE 18 assessment framework. We’ve helped companies successfully define audit scope, identify specific business process control objectives, and much more. In short, we’re experts in the plan administrator marketplace, thus offering highly efficient, fixed-fee auditing processes that few can offer.

NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP.

Essential SOC 1 Information Plan Administrators Need to Know

SOC 1 SSAE 18 reports for plan administrators for retirement/pension plans can take on a whole life of their own due to the potentially enormous scope and complexity of such environments. Because of this, take note of the following material for helping ensure an efficient and acceptable report is ultimately produced, one you can showcase to clients and prospects with utmost confidence.

Begin with a Scoping & Readiness Assessment: What’s the scope of the audit? What controls are to be included? What specific financial transactions are to be assessed? These questions, and many more, can be successfully answered with NDNB’s scoping & readiness assessment. We offer them for fixed-fees, or as a complimentary service when you engage with us for a multi-year audit relationship.

Develop Specific ICFR Control Objectives: Because of the sensitivity of financial and operational transactions being performed by plan administrators for retirement/pension plans, it’s critical to determine the relevant Internal Controls Over Financial Reporting (ICFR) that will be assessed – and tested – during the SOC 1 SSAE 18 auditing process. NDNB has years of experience in helping develop specific ICFR control objectives. Here’s a sample to consider for plan administrators for retirement/pension plans:

  • (Enrollment): Controls provide reasonable assurance that member information is collected and recorded in a valid, accurate, complete, and timely manner.
  • (Contributions): Controls provide reasonable assurance that contributions received and posted to member accounts are valid, accurate, and complete.
  • (Distributions): Controls provide reasonable assurance that distributions are authorized in accordance with plan rules, with all relevant information properly recorded as necessary.
  • (Valuations): Controls provide reasonable assurance that all aspects of the plan valuation and related data are recorded in a valid, accurate, and complete manner.
  • (Investment Management): Controls provide reasonable assurance that investment activities are undertaken in accordance with statutory guidelines and recommendations by approved bodies.

Include ITGC from a Scope Perspective: Information Technology General Controls – commonly known as ITGC – are also critical to assess, so consider testing for the following from a scope perspective:

  • (Change Management): Controls provide reasonable assurance that changes to existing systems, the implementation of new systems, and any internal company-wide changes are authorized, tested, approved, properly implemented, and documented.
  • (Logical Access): Controls provide reasonable assurance that access to all information systems (Network Devices, Operating Systems, Applications, and Databases) and other components that require authentication and authorization activities is limited to those who are authorized, and access rights are commensurate with user roles and responsibilities within the organization.
  • (Network Security): Controls provide reasonable assurance that formalized network policies and procedures are in place, secure data transmission protocols are utilized, and information systems are appropriately hardened, configured, and monitored as needed for ensuring a secure environment.
  • (Data Backup): Controls provide reasonable assurance that data files are backed up in a timely and complete manner, backup logs are generated for appropriate review, and critical system maintenance activities are undertaken on a regular basis.

Understand that Remediation is Often Necessary: Do you have all documented processes and procedures in place? Do any of your I.T. and/or operational controls require remediation? Most of the time, the answer is yes to such questions. Hey, it’s normal. Every business – and we mean every business – always has some aspect of remediation to perform on their current control environment. NDNB can assist, as we offer tools and resources for correcting gaps and deficiencies. Contact Chris Nickell, CPA, to learn more.

SOC 1 SSAE 18 and SOC 2 Policy Templates and Information Security Policies

Engage in Continuous Monitoring: Long after the initial SOC 1 SSAE 18 audit report is complete, the real work begins with continuous monitoring. Because auditing plan administrators for retirement/pension plans is a recurring event, you’ll need to ensure that your controls are operating effectively; if they are not, be ready to face the consequences of adverse audit findings. Nobody wants that, so talk to NDNB about our continuous monitoring efforts for helping stay the course in the world of SOC 1 SSAE 18 reporting for plan administrators for retirement/pension plans.

NDNB is North America’s Leading Provider of SOC Audits

Looking for a well-respected CPA firm that offers fixed-fees to plan administrators for retirement/pension plans for SOC 1 SSAE 18 compliance? Then get to know NDNB and our expertise and pricing model. Contact Chris Nickell, CPA, to learn more about NDNB’s fixed-fees for SOC 1 SSAE 18 Type 1 and Type 2 reporting for the TPA/health and wellness/benefits sector.

Let’s Talk About Your SOC Audit Needs

NDNB can assist with a wide variety of SOC 1 SSAE 18 needs for plan administrators for retirement/pension plans. We can perform a scoping & readiness assessment, develop documentation, assist in developing control objectives, put in place continuous monitoring, and so much more.

We’ve been working with plan administrators for retirement/pension plans for decades, giving us an inside view into the world of operations – and regulatory compliance – that few possess. Need a SOC 1 SSAE 18 Type 1 and/or Type 2 assessment performed? We can help. Contact Chris Nickell, CPA.