Having effective internal controls is one of the most vital aspects in any organization’s operation. Effective internal controls can provide a preventive immunity against intentional fraud, inadvertent errors, compliance problems and unexpected operational failures, as well as efficient detective and corrective tools that warrant a successful achievement of the organization’s objectives and strategies.
Among organizations that need incessant effective operating internal controls, trust funds are found to be at the top of the list because they are administered and functioned by different third-party stakeholders to serve the ultimate needs and goals of numerous participants or beneficiaries. For Taft-Hartley trust funds, which are formed to provide exclusive benefits to their participants and beneficiaries, the consequences from the inadequacy of the internal controls could be severe.
Trust Fund’s Key Activities
Establishing the trust fund’s internal controls requires understanding of the key business activities and processes. Contributions, benefit payments, investment management, financial reporting and compliance are the key activities that any trust fund would have and, accordingly, internal controls over these key activities need to be maintained effectively.
Inappropriate processing of contributions received or benefits paid due to underpayments, overpayments, delinquency, untimely processing, embezzlements, or improper accounting and reporting, could severely impact the trust fund’s assets, financial performance, financial reports, as well as its compliance with regulatory and tax status compliance requirements. Likewise, the trust fund’s assets, investments and their earnings could be inappropriately saved, entrusted, valued, traded, diversified, accounted for, allocated, reported, or even not be held and placed compliant with the regulatory agreements and documents of a trust fund. Improper financial reporting may cause the trust fund to lose its tax-exempt status and may cause additional burdens on sponsors or participants such as failing to meet or report regulatory funding requirements.
Internal Control Duties and Responsibilities of Trust Fund
Establishing internal controls is ultimately the responsibility of the trustees. However, trustees assign part of their responsibilities to other third-party service providers who can run certain functions on behalf of a trust fund. It is the responsibility of each service provider to ensure reliable internal controls. For example, a custodian who holds and manages a trust fund’s assets should have reliable controls to secure, safeguard and account for such assets in accordance with the regulatory and accounting requirements.
Maintaining effective internal controls begins by setting up a risk management process, which identifies what-could-go-wrong (WCGWs) risks and then figures out the most efficient and effective practices to mitigate such risks and to develop effective design and implementation of the internal controls. After the internal controls are designed and implemented, an ongoing testing and evaluation should be performed to monitor whether the internal controls are effectively operating and are able to prevent, detect or correct the risks and WCGWs, followed by timely and adequate communications between the concerned stakeholders.
Best Practices and Recommendations
Because more trust funds are now being administered by third-party administrators (TPAs), due to the significantly increasing amount of resources needed for proper operation, it is essential for the TPAs to have policies, written procedures and rigid computerized systems to configure electronic verifications and reconciliations of the receipts, disbursements and other accounting entries, and segregation of incompatible duties. TPAs should also track the compliance requirements by closely monitoring the regulations, diligently conducting their reviews, and hiring competent and qualified consultants to do so, such as actuaries, claims processers and auditors. Reviewing the outsourced service provider’s SOC reports would help monitor whether such providers maintain internal controls that can be relied on. In addition, an annual audit of the financial statements may also provide an assessment of the trust funds’ internal controls. Although the audit objective does not include expressing an opinion on the effectiveness of the trust fund’s internal controls, an audit often reveals deficiencies in internal controls, in which case, auditors are required to communicate this with the trustees.
It is the ultimate responsibility of the trustees to ensure that everything is working properly with the trust fund. If all or part of the trustees’ duties are outsourced to a TPA or another outside service provider, the trustees need to meet regularly in order to review the performance of the service providers. It is critical that trustees take actions so that failures in the internal controls are corrected and prevented in a timely manner.