The _________________ requires all federal agencies to create a breach notification plan.

(Figure 6) Investigation Guidelines

Part I. Background Information

Obtain the following data for the pension or welfare plan which has been selected for investigation.

Note: You need not complete the following items to the extent that the data is already in your possession; for example, on Form 5500.

A. General

Plan name _____________________________________

Plan sponsor name _____________________________

Plan administrator name _______________________

Sponsor EIN ________________ Plan number ______

Plan address ___________________________________

________________________________________________

Contact person ______________ Telephone ____________

B. Coverage (describe types and locations of employees covered by the plan)

number of participants:

active _________

retired or separated _________

total _________

C. Type of Plan

Pension

defined benefit
profit sharing
stock bonus
target benefit
other money purchase
ESOP
other ________________

Welfare

health benefit
fully insured
self-funded
life insurance
other ________________

Administration

single employer
multi-employer
other ________________

D. Contributions

Sponsor (number and types of employers, unions or other organizations contributing to plan)

_____________________________________________________

_____________________________________________________

Participants contribute ____ yes ____ no

E. Funding

____ trusteed

____ insured

____ both trusteed and insured from sponsor assets

name and location of trust fund

__________________________________________

insurance carriers and insurance vehicles

_________________________________________

_________________________________________

total plan assets $ ___________ at (date)______________

F. Plan Managers (include named fiduciaries)

Plan Managers

Name

______________________________________

______________________________________

______________________________________

______________________________________

______________________________________

Title (officer, trustee, committee member, etc.)

______________________________________

______________________________________

______________________________________

______________________________________

______________________________________

G. Service Providers (attorney, accountant, actuary, insurance agent, contract administrator, investment manager, etc.)

Service Providers

Name

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

Company

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

Type of Service

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

_________________________

H. Verifications

date of most recent audit by outside auditors______________

date of most recent review by internal auditors____________

date of most recent actuarial valuation___________________

I. Plan Documents

List the basic documents which establish and govern the plan and/or trust.

____________________________________________________________

____________________________________________________________

____________________________________________________________

J. Plan Records

List the basic books and records of the plan, e.g., contribution records, participant hours/earnings/benefits records, investment policies, claim forms and files, bank statements, trust reports, cash books, journals, ledgers, inventories, investment reports, etc.

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

___________________________________________________________________

K. List related plans and trusts

___________________________________________________________________

___________________________________________________________________

Part II. Review Procedures

  1. Fiduciary - Establishment of Plan
    1. Determine that the employee benefit plan has been established pursuant to a written instrument.
    2. Determine that the written instrument provides for one or more named fiduciaries.
    3. Determine that the plan
      1. provides a procedure for establishing and carrying out a funding policy consistent with plan objectives.
      2. describes any procedure for allocating responsibilities for the operation and administration of the plan.
      3. provides a procedure for amending the plan and for identifying the persons who have authority to amend the plan.
      4. specifies the basis on which payments are made to and from the plan.
  2. Fiduciary - Establishment of Trust
    Ascertain that assets of the plan are held in trust [unless the assets are insurance contracts, are held by insurance companies or are otherwise exempted by section 403(b)].
  3. Fiduciary Duties
    1. Examine all or selected expenses paid or incurred by the plan for the last year in an attempt to identify expenses which were not incurred exclusively to provide benefits to participants and their beneficiaries or to defray reasonable plan administrative costs. Examine income and expense statements and the general ledger accounts for unusual expenses or accounts. Examine selected cash disbursements and non-cash transactions, and the supporting documentation, for transactions which appear unrelated to operating the plan.
    2. Examine administrative expenses for categories that appear unreasonably costly in relation to other similar plans.
    3. Explore the management of plan operations by examining whether contributions are collected timely; cash is deposited promptly; investment certificates are properly safeguarded; assets are appropriately insured; reserves and retentions held by insurance carriers are not unreasonable; tax qualified status with IRS is maintained; PBGC insurance is current.
    4. Analyze plan investments to ascertain extent of diversification. Consider diversification:
      1. among types of investments, i.e., stocks, bonds, real estate, etc.;
      2. within types, i.e., is common stock all of one or two companies; and
      3. geographical areas of investment.
        Determine if investment portfolio appears to adhere to investment policy in plan instruments, minutes of meetings, etc.
    5. Read the basic plan documents and note substantive policy direction (other than investment policy) to the plan fiduciaries and examine if it is being followed.
    6. Inquire whether any plan funds are invested in assets which are beyond the reach of United States courts in contravention of section 404(b).
  4. Fiduciary - Co-Fiduciary Liability
    Examine selected allocations of fiduciary responsibilities (other than trustee responsibilities) to both named fiduciaries and other fiduciaries, to determine if they have been allocated in accordance with the instrument under which the plan is maintained.
  5. Fiduciary - Prohibited Transaction
    1. Obtain a list of parties in interest from the plan. Compare to the lists of plan sponsors, plan managers, and service providers obtained in Part I of these guidelines. Determine how plan management identifies parties in interest and how plan fiduciaries prevent inadvertent party in interest transactions from occurring.
    2. Inquire as to any applications for individual exemptions from prohibited transactions for the plan and their status. Compare with OED information available at RO, and clarify if necessary. Also be aware of applicable statutory and class exemptions.
    3. For selected sales, purchases, and lease property transactions by the plan during the period being investigated, examine property records and supporting documentation to ascertain if any of the transactions were between the plan and a party in interest.
    4. Examine accounts receivable, accounts payable, cash receipt records, and cash disbursement records for the period under examination in an attempt to identify any loan of money or extension of credit by the plan to or from a party in interest.
    5. For the period being investigated, examine expense accounts representing acquisition of goods, services or facilities by the plan. For selected transactions, ascertain whether they were acquired by the plan from a party in interest.
    6. Inquire as to any plan assets which have been transferred. Ascertain whether such assets were transferred to parties in interest.
    7. For some of the larger and continuous transactions in which the plan engages, e.g., purchases/sales of securities, purchases/sales of properties, placing of insurance contracts, advisory and consulting fees, etc., ascertain the organizations that acted as broker, agent, consultant, etc. Determine whether any of the plan's fiduciaries have had any ownership or direct involvement in these organizations, or have received any remuneration from them.
  6. Fiduciary - Employer Securities and Real Property
    Request a listing of all employer securities and properties held by the plan. Ascertain whether any such post-ERISA acquisitions have resulted in holdings by the plan of employer securities and properties in excess of 10% of total plan assets (measured on a fair market value basis).
  7. Bonding
    The Bonding Checklist and Bonding Computation Sheet will ordinarily be completed for every plan. See Figure 3.
  8. Reporting and Disclosure
    The Reporting and Disclosure Checklists and Individual Benefit Statement Compliance Checklist will ordinarily be completed for every plan. See Figure 4 and Figure 5.
  9. Verifying Financial Data Reported
    Verify the accuracy of plan financial data reported to DOL on the most recent annual report by:
    1. Determining whether the plan is exempt from completing financial data on annual report forms and from engaging an independent qualified public accountant pursuant to DOL regulation.
    2. Determining for non-exempt plans that the annual report, related schedules, and accountant's opinion have been completed and reported, as appropriate.
  10. Verifying Assets Held by Third Parties
    If a plan fiduciary or other plan official indicates that plan assets are being held by a third party, such as an investment manager or custodian, verify that the assets exist and are in the name of the plan by contacting the third party directly.
  11. Claims Procedures
    Determine whether plan instruments and operating procedures provide for:
    1. Prompt handling of claims from participants and beneficiaries.
    2. Notice in writing to participants and beneficiaries of claim denials and the reasons therefor.
    3. Full and fair review by a named fiduciary of claim denials.

What is FISMA in simple terms?

The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information and operations.

What is the Federal Information Security Management Act (FISMA) of 2002, and why is it so important?

FISMA 2002 requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other sources.

Was FISMA enacted as part of another Act?

The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations and assets against natural and manmade threats. FISMA was enacted as part of the E-Government Act of 2002.

What was the first federal law to address federal security?

In response to a growing fear of security threats to the U.S. Federal Government, the Computer Security Act (CSA) of 1987 was signed into law on June 11, 1987.