The Ins and Outs of Employee Benefit Plan Audits

Retirement plans are an important part of your business, but keeping up with regulatory and compliance standards can be a challenge. We’ve compiled a comprehensive guide to help you understand the ins and outs of employee benefit plan audits.

Understand the Basics of Employee Benefit Plans

What is a Qualified Employee Benefit Plan?

A qualified retirement plan is one that meets the requirements of ERISA, the Employee Retirement Income Security Act of 1974. ERISA protects the assets of employees and helps ensure the money they invest in an employee benefit plan will be available to them when they retire. Title 1 of ERISA describes annual reporting requirements for applicable employee benefit plans. Certain plans are exempt from this reporting, including certain 403(b) plans falling under defined safe harbor rules.

In general, ERISA applies to the following types of benefit plans:

• Defined benefit (pension) and defined contribution plans (401k retirement plans, 403b retirement plans), ESOP, profit sharing, etc. sponsored by non-governmental, non-church organizations
• Funded health benefit plans and welfare benefit plans (insured or otherwise)
• Flexible Spending Accounts (FSAs)
• Health Reimbursement Accounts (HRAs)
• Collectively bargained employee benefit plans, which may offer defined benefit, defined contribution, health care benefits

Please consult an attorney if you are unsure if your plan is subject to Title I of ERISA.

Does Your ERISA Plan Need an Audit?

Since 2023, the Department of Labor has mandated an audit of financial statements for plans with more than 100 participants holding an account balance at the start of any plan year. Prior to 2023, counting was based on the number of eligible participants. However, there is an exception known as the “80-120” rule, which allows deferring the audit until the plan reaches 120 participants.

Large plans must undergo an audit and file Schedule H Financial Information with their Form 5500 Annual Report. In contrast, small plans typically file Form 5500 Schedule I Financial Information, which does not require an audit.

What is an Employee Benefit Plan Audit?

In an employee benefit plan audit, auditors use information about the plan’s internal control environment, the nature of the plan, and other factors to assess the plausibility of the following areas:

• Compliance with plan documents
• Participant eligibility and participant data
• Contributions to the plan
• Distributions from the plan
• Participant loans
• Plan investments and related income
• Plan expenses
• Related party and party-in-interest transactions
• Tax compliance

When is the Audit Required to Be Completed?

The Form 5500 (and required audit report, if applicable) is generally due seven months following the last day of the plan year (this would be July 31 for calendar year-end plans). The filing may be extended by an additional 2.5 months.

Who is a Participant?

The term “participant” for this purpose can be confusing. In general, the participant count includes all employees who are eligible to participate in the plan, regardless of participation. The count also includes all participants who have separate employment yet maintain a balance (or a deferred, vested balance) within the plan as well as beneficiaries of deceased participants who are currently receiving benefits or are eligible to receive benefits in the future. Separate count rules are defined for welfare benefit plans.

Missing Participants

The Department of Labor has turned its attention to practices and procedures of plan sponsors regarding locating and distributing benefits to missing participants. From some reports, the Department of Labor is claiming breaches of fiduciary duty for plan sponsors who fail to perform regular searches for those missing and unresponsive participants.

For missing participants who are required to start receiving required minimum distributions, it is important to know that the IRS has a non-enforcement policy. When certain conditions are met, auditors will not challenge a qualified plan for failing to make required minimum distributions to missing participants.

Fiduciaries are required to perform at least three steps to locate missing participants:

1. Search plan and related plan, sponsor, and publicly available records or directories for alternative contact information.
2. Use any of these search methods: a commercial locator service, a credit reporting agency, or a proprietary internet search tool for locating individuals.
3. Attempt contact through U.S. Postal Service-certified mail to the last known mailing address and through appropriate means for any address or contact information (including email addresses and telephone numbers).

Do You Need a Retirement Plan Committee?

Establishing and maintaining an effective retirement plan committee devoted to the prudent management of the plan helps plan sponsors ensure their fiduciary obligations are met.

Forming a Retirement Plan Committee

• Establish by-laws and a charter so that attendees understand what they are expected to accomplish. Include the purpose of the committee, responsibilities, logistics (how often the committee will meet and where), required and optional attendees, and how actions and discussions will be documented for fiduciary file retention.
• Size is important. Too many people can lead to inefficiency, and too few may not provide enough resources to accomplish tasks or effectively evaluate decisions. Consider the following parties for meeting attendance: plan fiduciaries, at least one member of senior management, the plan or company’s legal counsel, and representatives from external vendors (depending on the topics to be discussed) including the plan’s trustee or custodian, recordkeeper, third-party administrator, investment advisor, etc.

Running the Committee

• Consider a consultant to help run the meetings. Consultants (such as an investment advisor or benefit plan specialist) can comment on recent regulatory updates or changes and bring insight obtained from peers when it comes to decision-making. They can also assist with drafting minutes and an investment policy statement.
• Plan to meet at least quarterly and more frequently during times of plan changes and updates.

Documenting the Results

• Designate a person to take detailed minutes for fiduciary file retention.
• Minutes of meetings should include an overview of discussions held, results of plan decisions, evidence of the review of investment fund performance and fee benchmarking, current plan trends (such as enrollment and participation status), regulatory updates and their impact on the plan, consideration of vendor selection and evaluation, etc.

Helpful Tips to Make Your Benefit Plan Audit Run Smoothly

• Request the “auditor’s package” from your service provider as early in the year as possible.
• Share the audit package with your audit team as soon as it comes.
• If you plan to elect to have an ERISA 103(a)(3)(C) audit, review the investment certification provided by your plan’s custodian to ensure your plan qualifies for this type of audit. Your auditor can answer questions about the requirements for an ERISA 103(a)(3)(C) audit including what constitutes a proper certification from a qualified institution.
• Request what is called a Prepared by Client (PBC) list from your audit team.
• Alert your auditor of any changes in service providers as they happen.
• Send your auditor plan amendments as they are issued.
• Reconcile the compensation and employee deferral contributions per your yearend payroll reporting to the plan’s census data.
• Send your census data for any non-discrimination testing to your record keeper as soon as available.
• Coach your HR or audit response team about the importance of the ABCs of an efficient, effective audit: anticipate needs, be ready, and communicate.

• Confirm the dates of fieldwork with your audit team.
• Introduce the service provider relationships (TPA, custodian, trustee, etc.) to your audit team.
• Allow audit team read-only access to your online records, if allowed.
• Make a point to coordinate requests from other departments, such as accounting, payroll, etc.
• Recognize the possible “chicken and the egg” battle regarding 5500 drafts and work with the service provider to obtain a draft of the Form 5500 prior to fieldwork.
• Establish one key point of contact for your audit team through the entire process.

• Have the data from the PBC list ready when the audit team arrives.
• Communicate your expectations with the audit team regarding sensitive requests, such as payroll and HR records.
• Accommodate the audit team with internet access so they can access the website of your custodian/record keeper or their network.
• If you elect for remote fieldwork, ensure all requested items are uploaded to the secure portal in advance of the agreed upon week for fieldwork.
• Whether fieldwork is on site or remove, make yourself available at pre-arranged times with the audit team to answer questions and save time on both ends.
• At the end of the week, ask about findings or concerns to prevent surprises.

• Be flexible as to when the 5500 is filed (pre-July 31 or pre-Oct. 15). There is no penalty for an extended filing, and sometimes the field work can be completed, but an open item or two can push you past July 31.
• Understand that management letter comments are there to help management identify where stronger controls may be needed. The IRS and DOL look specifically at the control environment around the plans they audit. Work with your plan auditors to develop sound control processes to help mitigate future regulatory audit findings.

Navigate Employee Benefit Plan Audits with Confidence

The world of employee benefit plan audits is complex and multi-faceted. A trusted advisor can help prevent headaches and carefully navigate compliance criteria and regulatory issues. Learn how an effective audit can ensure compliance and provide a strategy for future opportunities.