As a SAS 70 auditor for many years, i’ve seen a huge increase in the number of third party administrators (TPA) that are required to go through a SAS 70 Type I or SAS 70 Type II audit. Man of these TPA organizations are considered small, with limited budgets, thus they voice a great deal of frustration about the time and costs of this highly specialized audit process. What’s worse, many feel the value of the audit is simply lacking, as many CPA firms do not have the knowledge or background sufficient for auditing a Third Party Administrator (TPA).
With that said, it’s important you properly assess the value of the CPA firm for their overall expertise and knowledge for a TPA. The term TPA is a broad and much overused term, based on the fact that many organizations “administer” some kind of business function of claim, ranging from property and casualty to self funded health and benefits claims.
When assessing a CPA firm, ask them how many SAS 70 audits they have conducted on a TPA and also ask them if they can provide you with a SAS 70 sample report, whereby you can actually see and visualize their expertise.
Also, ask them for a fixed fee, as SAS 70 pricing is now becoming a very important issue for budget minded Third Party Administrators (TPA).
To learn more about SAS 70 audits, visit the official SAS 70 Resource guide, where helpful information awaits any interested reader.