What is SAS 70?
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 examination signifies that a service organization, such as Benefit Strategies, LLC, has had its control objectives and control activities examined by an independent accounting and auditing firm. A formal report including the auditor's opinion is issued to the service organization at the conclusion of a SAS 70 examination. The report enables service organizations to demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
The SAS 70 report is intended to provide interested parties with information about Benefit Strategies' controls relative to the processing of client organizations' transactions applicable to the administration of daily valuation Defined Contribution Retirement Plans and Section 125 Flexible Spending Plans. This report, when combined with an understanding of the controls at client organizations, is intended to assist user auditors in planning the audit of client organizations. It is also intended to help them assess control risk for assertions in client organizations' financial statements that may be affected by controls at Benefit Strategies.
Why does Benefit Strategies maintain the SAS 70 Certification?
Many financial institutions require that their vendors maintain a SAS 70 Certification, and we know that financial institutions are a very thorough industry; this Certification shows our dedication to exceeding our clients' expectations. Benefit Strategies provides services directly related to maintaining plan participant account (financial) information, and we feel very strongly that our processes and transactions should fall under the same scrutiny. It is very important that our clients, both employers and participants, feel that we have their best interests in mind.
What is required for Benefit Strategies to continue to qualify for the SAS 70 Certification?
Benefit Strategies participates in an annual audit performed by an independent accounting and auditing firm and receives confirmation of our continued compliance with SAS 70 standards.
An IT Security Audit was performed by Ben R. Howard, a CISSP Auditor with NSK, Inc.
Benefit Strategies, LLC, requested an independent formal evaluation of its information security program by NSK, Inc. This evaluation included reviewing possible compliance issues that relate to the type of business in which Benefit Strategies engages. NSK, Inc., provided a CISSP-certified information security professional with a background in information security from the US Department of Defense to audit the information security program using standardized methodologies such as those defined by the Information Systems Audit and Control Association (ISACA). The audit took place over a one-week period in September 2010 and included a follow-up review approximately one month later.
After having performed both the initial audit and the follow-up review, it is the opinion of NSK, Inc., that Benefit Strategies, LLC, is performing the reasonable actions necessary to conform to best practices in information security as defined by both ISACA and the International Information Systems Security Certification Consortium (ISC)2, as well as to maintain compliance with the Massachusetts data security law, 201 CMR 17.00. The policies and standards that Benefit Strategies, LLC, has in place provide a framework for its information security program.
Benefit Strategies, LLC, has taken the initiative to update its information security program to reflect an evolving security and compliance landscape. It has clearly identified policies for appropriate use and educated its employees on these policies. The security program at Benefit Strategies, LLC, requires reasonable measures to identify potential threats as well as to establish the actions necessary to both remediate and recover from threats, vulnerabilities, and potential disasters. Benefit Strategies, LLC, has named an Information Security Compliance Officer to monitor adherence to the security program and to serve as the point of contact for information-security-related incidents. The security program requires periodic independent third-party reviews of the program.