Upcoming Webinar:
News & Updates:
05/03/13 - Update on New PCOR Fees for HRAs
03/29/13 - Flex Card PIN Availability Begins 4/1
03/08/13 - Webinar Series Continues 3/13
02/12/13 - HCR Webinars on 2/21 and 3/1
01/07/13 - HCR Planning Webinar: Play-or-Pay
11/28/12 - Reminder: DCAP Reporting for W-2
10/10/12 - Reminder of 2013 Health FSA Max
09/26/12 - Healthcare Update: SBCs for HRAs
SSAE 16 Certification
ProBenefits is proud to have successfully completed the SSAE 16 SOC 1 Type II audit for the period of April 1, 2011 to March 31, 2012. SSAE 16 (Statements on Standards for Attestation Engagements No. 16) is the next generation of AICPA auditing standards for reporting on controls at service organizations (including data centers) in the United States. SSAE 16 goes beyond SAS 70 by requiring the auditor to obtain a written assertion from management regarding the design and operating effectiveness of the controls being reviewed. SSAE 16 also provides better alignment with the international audit standard ISAE 3402.
Independent Service Auditor's Report
"We have examined ProBenefits, Inc.'s (the Company or ProBenefits) description of its information technology, FSA, HRA, POP, and COBRA benefit system for processing user entities' transactions throughout the period of April 1, 2011, to March 31, 2012 and the suitability of the design and operating effectiveness of controls to achieve the related control objectives stated in the description. The description indicates that certain control objectives specified in the description can be achieved only if complementary user entity controls contemplated in the design of the Company's controls are suitably designed and operating effectively, along with the related controls at the service organization. We have not evaluated the suitability or the design or operating effectiveness of such complementary user entity controls.
Beginning in Section II of the description, the Company has provided an assertion about the fairness of the presentation of the description and suitability of the design and operating effectiveness of the controls to achieve the related control objectives stated in the description. The Company is responsible for preparing the description and for the assertion, including the completeness, accuracy, and method of presentation of the description and the assertion, providing the services covered by the description, specifying the control objectives and stating them in the description, identifying the risks that threaten the achievement of the control objectives, selecting the criteria and designing, implementing, and documenting controls to achieve the related control objectives stated in the description.
Our responsibility is to express an opinion on the fairness of the presentation of the description and on the suitability of the design and operating effectiveness of the controls to achieve the related control objectives stated in the description, based on our examination. We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform our examination to obtain reasonable assurance about whether, in all material respects, the description is fairly presented and controls were suitable designed an operating effectively to achieve the related control objectives stated in the description throughout the period April 1, 2011 to March 31, 2012.
An examination of a description of a service organization's system and the suitability of the design and operating effectiveness of the service organization's controls to achieve the related control objectives stated in the description involves performing procedures to obtain evidence about the fairness of the presentation of the description and the suitability of the design and operating effectiveness of those controls to achieve the related control objectives stated in the description. Our procedures also included testing the operating effectiveness of those controls that we consider necessary to provide reasonable assurance that the related control objectives stated in the description were achieved. An examination engagement of this type also includes evaluating the overall presentation of the description and the suitability of the control objectives stated therein, and the suitability of the criteria specified by the service organization and described beginning in Section II. We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our opinion.
Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or omissions in processing or reporting transactions. Also, the projection to the future of any evaluation of the fairness of the presentation of the description, or conclusions about the suitability of the design or operating effectiveness of the controls to achieve the related control objectives is subject to the risk that controls at a service organization may become inadequate or fail.
In our opinion, in all material respects, based on the criteria described in the Company's assertion in Section II,
- the description fairly presents the information technology, FSA, HRA, POP, and COBRA benefit system that was designed and implemented throughout the period April 1, 2011 to March 31, 2012.
- the controls related to the control objectives stated in the description were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period April 1, 2011 to March 31, 2012 and user entities applied the complementary user entity controls contemplated in the design of the Company's controls throughout the period April 1, 2011 to March 31, 2012.
- the controls tested, which together with the complementary user entity controls referred to win the scope paragraph of this report, if operating effectively, were those necessary to provide reasonable assurance that the control objectives stated in the description were achieved, operated effectively throughout the period April 1, 2011 to March 31, 2012.
The specific controls tested and the nature, timing, and results of those tests are listed in Section III.
In Section IV, ProBenefits addresses the development of two internal documents that will be in effect in the first quarter of 2013. This information has been provided by ProBenefits as additional information and is not part of ProBenefits's description of its, FSA, HRA, POP, and COBRA benefits system made available to user entities during the period April 1, 2011 to March 31, 2012. This information has not been subjected to the procedures applied in the examination of the description of the benefit system and the suitability of the design and operating effectiveness of controls to achieve the related control objectives stated in the description of the benefits system.
This report, including the description of tests of controls and results thereof in Section III, is intended solely for the information and use of the Company, user entities of the Company's information technology, FSA, HRA, POP, and COBRA benefit system during some or all of the period April 1, 2011 to March 31, 2012, and the independent auditors of such user entities, who have a sufficient understanding to consider it, along with other information including information about controls implemented by user entities themselves, when assessing the risks of material misstatements of user entities' financial statements. This report is not intended to be and should not be used by anyone other than these specified parties.
SAS70 CPA
SAS 70 CPA
2997-A Alt 19
Palm Harbor, FL 34683
April 2, 2012"