The vendor is required to provide agreed-upon procedure (AUP) audits. An AUP engagement provides flexibility, as procedures can be developed by the practitioner, the engaging party, intended users of the practitioner’s report, or any combination thereof.
- Enhance governance by providing insights into risk management and control mechanisms.
- Confirm all eligible employees are enrolled as members of agency in the appropriate benefit tier.
- Plan sponsors and participating employers report payroll corrections, retro pay, and special payments or allowances, as necessary.
- Plan sponsors and participating employers report annual payouts of paid leave.
- These payments should not exceed the pensionable amount in statute.
- Make recommendations for internal control and process improvements.
- Perform procedures to validate the accuracy, timeliness and completeness of member data reported to agency by the plan sponsor and sample of participating employers.
- Member data is the demographic information of members or employees participating in the pension system.
- The membership demographic information is used by agency actuaries for projection of pension and other post-employment benefits (OPEB) liabilities.
- Perform procedures to validate compliance with applicable requirements (agency policies) for reporting and recording member census data, including timeliness and accuracy of the information.
- Validate member information is accurately posted to the member accounts and supported with documentation.
- Review due diligence and vendor selection controls
• Assess whether privacy risks were considered during selection.
• Verify third-party security/privacy certifications (e.g., SOC 2, ISO 27001).
• Confirm background checks, financial stability, and legal risk evaluations.
- Assess contractual and legal protections. Confirm inclusion of:
• Data ownership and usage clauses.
• Breach notification timelines.
• Right-to-audit clauses.
• Verify contractual alignment with fund’s privacy policy, practices, and regulatory mandates.
- Evaluate ongoing monitoring and oversight
• Inspect reports from vendor audits or SOC reports.
• Confirm periodic reassessments or risk reviews of third-party services.
• Check for evidence of follow-up on deficiencies or security incidents.
- Test agency technical and administrative controls
• Validate encryption in transit and at rest.
• Review access controls and authentication mechanisms.
• Verify third-party notification and incident response procedures.
• Confirm data retention and deletion policies are enforced.
- Obtain and analyze employer contribution reports
• Select a representative sample of employer reports across size, type, and risk level.
• Review supporting payroll data, remittance schedules, and calculations.
• Recalculate contribution amounts using approved rates and payroll bases (e.g., pensionable wages).
- Verify completeness and accuracy
• Confirm all employers submitted reports for the audit period.
• Ensure no eligible members or payrolls are omitted.
• Confirm that contribution rates match board-approved rates.
- Assess timeliness of contributions
• Compare remittance dates with required timeframes.
• Identify late submissions and the assessment of penalties or interest.
- Evaluate reconciliation procedures
• Review pension system’s reconciliation:
• Reported vs. received contributions.
• Employer reports vs. member data.
- Test adjustments or corrections and confirm appropriate approvals and documentation.
• Analyze flagged discrepancies (e.g., spikes in payroll, missing members).
• Verify that all five-year and thirty-year stops are correctly implemented.
• Review the fund’s follow-up process for resolution.
- Test internal review processes
• Assess whether employer reports are reviewed and verified before entry into the pension system.
• Confirm segregation of duties between data entry, verification, and funds application.
- Contract Period/Term: 2 years
- Questions/Inquiries Deadline: July 23, 2025