Skip to Content
Image of people meeting
Case Study

SOC 1 audit for government pension plan

September 22, 2016 / 2 min read

MERS of Michigan proactively completes a SOC 1 Type 2 audit of their defined benefit pension plan system.

The client

MERS of Michigan (Municipal Employees’ Retirement System) is an agent multiple-employer defined benefit pension plan that serves Michigan municipalities and their employees. MERS administers nearly 2,400 plans represented by more than 700 Michigan municipal members with a combined value of more than $9 billion. MERS serves more than 100,000 participants.

The challenge

During the 2014 calendar year, MERS had to prepare for its employers pending required implementation of GASB 68. While GASB 68 didn’t directly impact MERS, MERS needed to work closely with the participating municipalities to provide all of the information required to comply with this new accounting standard. MERS understood that only providing its fiscal 2014 audited financial statements to its members wouldn’t provide the municipalities with sufficient audit evidence. It was critical, therefore, that MERS provide timely additional audit information in order for the participating municipalities to be able to rely on the accuracy of the net pension liability they were recording under GASB 68. Absent this additional audit evidence, the participating employers would be facing modified audit opinions.MERS was faced with two choices:

  1. Complete and issue a SOC 1 Type 2 audit of its internal controls by February 2015 (the most cost-effective method) along with a separate opinion on the Schedule of Changes in Net Position by Employer as a whole, or
  2. Issue a direct opinion on each employer’s Schedule of Changes in Net Position; this would be a much more costly alternative.

The solution

After several discussions, MERS decided to proactively complete a SOC 1 Type 2 audit of the controls surrounding its defined benefit pension plan system in order for the participating municipalities and their auditors to be able to rely on the GASB 68 information provided by MERS and its actuaries. The audit report would identify the controls in place and report on the design and effectiveness of controls to provide reasonable assurance that contributions, net investment income, and benefit payments as reported by the organization are accurate.

In order to complete the SOC 1 audit by December 31, 2014, our engagement team performed a readiness assessment within a condensed time frame. This process resulted in the documentation of descriptions of the MERS defined benefit pension plan system. Once the system that was to be audited was documented, we identified the controls within that system and identified any gaps for MERS to remediate. 

Then, within a very short turnaround, we performed a SOC 1 Type 2 examination covering the period January 1, 2014, through December 31, 2014, that was issued in February 2015. We were able to draw upon our deep bench of government experts to assemble a team of specialists that was able to successfully complete the examination within the aggressive deadline.

The benefit

We worked with MERS to ensure all MERS participating municipalities would receive the additional audit evidence the SOC 1 needed under GASB 68 on a timely basis and in the most cost-effective manner. By being on the cutting edge of this issue, our joint initiatives saved MERS a significant amount of time and staff resources at about one-quarter of the cost of the alternative solution. MERS estimates that, overall, is was able to save its customers over $2 million in additional implementation costs for GASB 68. Our team supported MERS with an additional audit to help manage a reporting change, GASB 68. Our ability to perform specialty audits, such as the SOC 1, allows clients like MERS to enjoy the confidence and continuity of the same vendor for all their audit needs.

Related Thinking

Business professional checking the multifactor authentication code on their cell phone.
November 1, 2024

Preparing for the inevitable: Navigating third-party tech failures

Article 7 min read
Parent sitting on the floor with their child and learning about how school districts can proactively manage cyber risk to protect student data.
October 30, 2024

Cybersecurity essentials for K-12 schools: Protecting students and data

Article 6 min read
Business professionals discussing their retirement system cybersecurity.
September 26, 2024

Cybersecurity: Protecting your retirement system from hidden threats

Article 7 min read