[et_pb_section fb_built=”1″ _builder_version=”4.0.6″ max_width=”100%”][et_pb_row _builder_version=”4.0.6″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.0.6″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”]<\/p>\n

Article<\/h6>\n

An Investment Policy Statement (“IPS”) can provide a vital map to the continuing success of a retirement plan qualified under the Employee Retirement Income Security Act (“ERISA”). An IPS sets the parameters for how the plan undertakes its due diligence on behalf of plan participants. It guides the plan sponsor both in its fiduciary duty and its monitoring of third-party providers.<\/b>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.0.6″][et_pb_column type=”2_5″ _builder_version=”4.0.6″][et_pb_image src=”https:\/\/rolandcriss.com\/wp-content\/uploads\/2022\/02\/Investment-Policy-Audit-small.jpeg.png” force_fullwidth=”on” _builder_version=”4.0.6″][\/et_pb_image][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.0.6″][et_pb_text _builder_version=”4.0.6″] 
\nERISA does not require a retirement plan to have an IPS, but the Department of Labor’s regular practice of asking to see a plan\u2019s IPS in plan audits is a clear best practice indicator.<\/strong><\/em>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.0.6″][et_pb_column type=”4_4″ _builder_version=”4.0.6″][et_pb_text admin_label=”Text” _builder_version=”4.0.6″ hover_enabled=”0″]Not to be confused with a financial audit performed by a Certified Public Accountant, an audit of an IPS examines the execution of the process defined in the IPS but does not address investment or financial outcomes.<\/b><\/p>\n

While the extent of the controls over the investment decision-making practices of fiduciary committees differs somewhat among ERISA plan sponsors, the tests applied to each evaluation focus on standard criteria in an audit. Those criteria include due diligence concerning the selection of money managers, adherence to the IPS specifications, and documentation of the monitoring activities.<\/b><\/p>\n

Objectives and scope<\/h2>\n

Key objectives of an IPS audit are to determine whether the fiduciaries of an ERISA qualified plan:<\/b><\/p>\n

\n

\n <\/p>\n
• Have and adhere to policies, procedures, and related controls for initial due diligence and ongoing monitoring of the plan\u2019s investments;<\/b><\/li>\n
• Have and adhere to policies, procedures, and related controls for selection and ongoing monitoring of external managers of investments;<\/b><\/li>\n
• The duties and responsibilities of all parties involved are defined;<\/b><\/li>\n
• Diversification and rebalancing guidelines consistent with specified risk, return, time horizon, and cash flow parameters exist;<\/b><\/li>\n
• Procedures for controlling and accounting for investment expenses are defined;<\/b><\/li>\n
• Consistently apply the due diligence process for selecting investment vehicles;<\/b><\/li>\n
• Passive and active investment strategies are considered, documented, and appropriately implemented; and<\/li>\n
• Decisions regarding the use of separately managed and commingled accounts, such as mutual funds and unit trusts, are documented.<\/b><\/li>\n<\/ul>\n<\/div>\n

  Why does a plan need an IPS audit?<\/h2>\n

  Two key factors drive the need for IPS audits.<\/b><\/p>\n

  \n

  \n
  1. External events and market volatility emphasize the need to maintain an investment lineup and decision-making process relevant to the needs of an ERISA plan\u2019s participants.<\/b><\/li>\n

      <\/p>\n

  2. The U.S. Department of Labor and class action attorneys use an IPS and a plan\u2019s related documentation as primary determinants of the diligence and competence of the plan\u2019s fiduciaries. The old adage \u201cWhere there\u2019s smoke, there\u2019s fire\u201d applies.<\/b><\/li>\n<\/ol>\n<\/div>\n

     When does a plan need an IPS audit?<\/h2>\n

     ERISA requires that retirement and pension plans receive annual audits from a qualified financial auditor once they reach specific plan participant count thresholds. A plan sponsor’s preparation for the financial audits should include an IPS audit conducted in advance by an independent expert in ERISA process audit standards. Plans that aren’t required to have an annual financial audit should, nevertheless, commission a yearly IPS audit.<\/b><\/p>\n

     Roland|Criss conducts IPS audits for ERISA qualified plans.<\/b><\/em>[\/et_pb_text][et_pb_button button_url=”https:\/\/rolandcriss.com\/contact-us\/” button_text=”Ask us” _builder_version=”4.0.6″ custom_button=”on” button_text_color=”#ffffff” button_bg_color=”#0c71c3″][\/et_pb_button][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

     The Investment Policy Statement (“IPS”) is an essential governance document for retirement plans qualified under the Employee Retirement Income Security Act. An annual examination of adherence to the IPS provisions is a vital fiduciary safeguard.<\/strong>\t\t<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"on","_et_pb_old_content":"

     Practical Tip<\/h6>\r\nTo meet emerging cybersecurity standards as plan sponsors, employers need to understand some basic rules, specifically the Employee Retirement Income Security Act (\"ERISA\").<\/strong>\r\n\r\nThe U.S. Department of Labor (\"DOL\") is developing cybersecurity objectives for plan fiduciaries that form the basis for its plan audits. It's likely that the DOL's guidelines will add to the foundation on which data security related class action lawsuits are litigated.<\/strong>\r\n\r\n\r\nCybersecurity for benefit plans often falls outside the scope\r\nof cybersecurity planning for enterprisess at large.<\/strong><\/em>\r\n\u00a0\r\n\u00a0\r\nBenefit plans often maintain and share sensitive employee data and asset information across multiple unrelated entities as a part of the benefit plan administration process. This data and asset information should be specifically considered when implementing cybersecurity risk management measures.<\/strong>\r\n\r\nBecause benefit plans are regulated by ERISA, anyone who interacts with the plan should be particularly aware of the impact that breaches have on participants and beneficiaries and the associated rights and duties of plan fiduciaries arising under ERISA.<\/strong>\r\n\r\nEveryone who comes in contact with personally identifiable information (\u201cPII\u201d) has a role to play in protecting plan data.<\/strong>\r\n\r\nHere's where to start...<\/strong>\r\n\u00a0\r\n

     \r\n

     Adopt a Cybersecurity Policy<\/h2>\r\nRegardless of a plan's size or complexity, the need for a cybersecurity policy statement<\/em> (\"CPS\") has escalated to the same level of importance as an investment policy statement. If your plan currently lacks a CPS, don't delay in adding one to the policies on which you rely to demonstrate that your plan is being managed prudently.<\/strong>\r\n

     Conduct a Cybersecurity Risk Assessment<\/h2>\r\nInitiate an examination of your plan's current cybersecurity sensitivities, resourced either internally or by a qualified third-party expert. A legally defensible risk assessment will adhere to 18 discovery tasks. Scored on a scale of 1 to 100, an assessment offers a way to ensure continued improvement. Ask Roland|Criss for a list<\/em><\/a>.<\/strong>\r\n\r\n

     Elevate Cybersecurity to a High Monitoring Priority<\/h2>\r\nThe agendas of benefit plan related committees should include a permanent entry for monitoring a security management plan<\/em>. Best practices for ERISA governance, risk management, and compliance (\"GRC\") systems now require evidence of robust monitoring. Using a technology application tailored for that purpose is a must. Ask us about FiduciaryGRC<\/a>^{\u2122<\/sup>, a state of the art cybersecurity solution that covers the entire risk spectrum; assessment, technology, and monitoring.<\/strong>\r\n\r\nFiduciaryGRC\u2122<\/sup> is a trademark of Roland|Criss.<\/span>","_et_gb_content_width":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"sync_status":"","episode_type":"","audio_file":"","castos_file_data":"","podmotor_file_id":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-34382","post","type-post","status-publish","format-standard","hentry","category-retirement-plans"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/posts\/34382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/comments?post=34382"}],"version-history":[{"count":23,"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/posts\/34382\/revisions"}],"predecessor-version":[{"id":34414,"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/posts\/34382\/revisions\/34414"}],"wp:attachment":[{"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/media?parent=34382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/categories?post=34382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rolandcriss.com\/wp-json\/wp\/v2\/tags?post=34382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}}