An Investment Policy Statement (“IPS”) can provide a vital map to the continuing success of a retirement plan qualified under the Employee Retirement Income Security Act (“ERISA”). An IPS sets the parameters for how the plan undertakes its due diligence on behalf of plan participants. It guides the plan sponsor both in its fiduciary duty and its monitoring of third-party providers.

ERISA does not require a retirement plan to have an IPS, but the Department of Labor’s regular practice of asking to see a plan’s IPS in plan audits is a clear best practice indicator.

Not to be confused with a financial audit performed by a Certified Public Accountant, an audit of an IPS examines the execution of the process defined in the IPS but does not address investment or financial outcomes.

Objectives and scope

While the extent of the controls over the investment decision-making practices of fiduciary committees differs somewhat among ERISA plan sponsors, the tests applied to each evaluation focus on standard criteria in an audit. Those criteria include due diligence concerning the selection of money managers, adherence to the IPS specifications, and documentation of the monitoring activities.

Key objectives of an IPS audit are to determine whether the fiduciaries of an ERISA qualified plan:

Why does a plan need an IPS audit?

Two key factors drive the need for IPS audits.

When does a plan need an IPS audit?

ERISA requires that retirement and pension plans receive annual audits from a qualified financial auditor once they reach specific plan participant count thresholds. A plan sponsor’s preparation for the financial audits should include an IPS audit conducted in advance by an independent expert in ERISA process audit standards. Plans that aren’t required to have an annual financial audit should, nevertheless, commission a yearly IPS audit.

Roland|Criss conducts IPS audits for ERISA qualified plans.

The Investment Policy Statement (“IPS”) is an essential governance document for retirement plans qualified under the Employee Retirement Income Security Act. An annual examination of adherence to the IPS provisions is a vital fiduciary safeguard.
Practical Tip

To meet emerging cybersecurity standards as plan sponsors, employers need to understand some basic rules, specifically the Employee Retirement Income Security Act ("ERISA").

The U.S. Department of Labor ("DOL") is developing cybersecurity objectives for plan fiduciaries that form the basis for its plan audits. It's likely that the DOL's guidelines will add to the foundation on which data-security-related class action lawsuits are litigated.

Cybersecurity for benefit plans often falls outside the scope of cybersecurity planning for enterprises at large.

Benefit plans often maintain and share sensitive employee data and asset information across multiple unrelated entities as a part of the benefit plan administration process. This data and asset information should be specifically considered when implementing cybersecurity risk management measures.

Because benefit plans are regulated by ERISA, anyone who interacts with the plan should be particularly aware of the impact that breaches have on participants and beneficiaries and the associated rights and duties of plan fiduciaries arising under ERISA.

Everyone who comes in contact with personally identifiable information (“PII”) has a role to play in protecting plan data.

Here's where to start...

Adopt a Cybersecurity Policy

Regardless of a plan's size or complexity, the need for a cybersecurity policy statement ("CPS") has escalated to the same level of importance as an investment policy statement. If your plan currently lacks a CPS, don't delay in adding one to the policies on which you rely to demonstrate that your plan is being managed prudently.

Conduct a Cybersecurity Risk Assessment

Initiate an examination of your plan's current cybersecurity sensitivities, resourced either internally or by a qualified third-party expert. A legally defensible risk assessment will adhere to 18 discovery tasks. Scored on a scale of 1 to 100, an assessment offers a way to ensure continued improvement. Ask Roland|Criss for a list.

Elevate Cybersecurity to a High Monitoring Priority

The agendas of benefit plan related committees should include a permanent entry for monitoring a security management plan. Best practices for ERISA governance, risk management, and compliance ("GRC") systems now require evidence of robust monitoring. Using a technology application tailored for that purpose is a must. Ask us about FiduciaryGRC™, a state-of-the-art cybersecurity solution that covers the entire risk spectrum: assessment, technology, and monitoring.

FiduciaryGRC™ is a trademark of Roland|Criss.