401(k) Audit FAQs (Answered by the Auditors)

Certain employee benefit plans, including 401(k) plans, require an audit by an independent CPA. Does yours?

We’ve outlined the answer to this question and several others that our team of employee benefit plan experts hear the most about 401(k) audits.

Download our ebook, Employee Benefit Plan Audits: A Comprehensive Guide to Understanding Requirements and Navigating the Process, to understand the regulations and prepare your organization well.

When Does My Company Need a 401(k) Audit?

The general rule is that you need a 401(k) audit when your plan has more than 100 participants with plan account balances.

The audit needs to be performed within seven months following the last month of the plan year, though it’s possible to apply for an extension of an additional two and a half months.

What Is the Purpose of a 401(k) Audit?

401(k) audits focus on two key aspects: financial reporting and compliance.

A 401(k) audit will verify the accuracy of all financial information contained in your company’s Form 5500 and relevant financial statements.

The audit will also determine whether the 401(k) plan complies with the IRS and Department of Labor (DOL) regulations and the plan documents associated with the plan.

During a 401(k) audit, the auditor may identify practices, procedures and other internal processes that have the potential to cause plan compliance issues or need improvement.

What Can I Do to Prepare for a 401(k) Audit?

Preparation is critical for a successful 401(k) audit because it means that the audit will be more resource- and time-efficient for your staff, company and the auditor.

Specifically, there are four things you can do to help the process go as smoothly as possible.

1. Organize Your Documents

The starting point of any 401(k) audit is providing plan-related documents to the auditor, so it’s in your best interest to ensure that your plan-related documents are current, organized and easily accessible.

This applies to not only your independent audit but also to your 401(k) plan if it is selected to be audited by the DOL.

The required documents for a 401(k) audit include:

• Executed plan document, which includes the executed adoption agreement or volume submitter plans
• IRS determination for the executed plan document
• Historical and current plan summaries and descriptions of material modifications
• Executed amendments to plan documents
• Executed Board minutes related to the plan
• 401(k) minutes of the executive committee or other governing committee
• Copies of the prior years’ Forms 5500
• Recordkeeping and trust agreements with plan recordkeeper and custodian
• Copy of the fidelity bond insurance of the plan
• Copies of the prior years’ audited financial statements
• Other significant correspondence or agreements pertaining to the plan

2. Familiarize Yourself With Your Fiduciary Responsibility

Oversight of a 401(k) plan and effective fiduciary policy and oversight are critical elements in sound internal controls. Many plan sponsors may be unaware of the associated risks in being a fiduciary and that they could be liable for any breach in their responsibilities.

Many sponsors aren’t even aware that they are fiduciaries of the company’s 401(k) plan. Someone is a fiduciary of a 401(k) plan if they meet any of the following criteria:

• Exercise control or discretionary authority over plan assets
• Exercise control or discretionary authority over plan management
• Have responsibility or discretionary authority over plan administration

There are effective methods for fiduciaries to act in the best interests of plan participants and protect themselves from any liability. These best practices should include:

• Develop investment policy
• Keep committee minutes
• Establish a 401(k) administration committee
• Assess administrative fees associated with the plan
• Seek external investment advice
• Conduct community meetings regularly

3. Understand What Your 401(k) Plan Needs for Compliance

If a 401(k) audit reveals that the plan is not operating according to the plan document specifications, the sponsor and plan have compliance issues. These must be addressed, and the plan must be brought into compliance with the DOL and IRS regulations.

That’s why it’s best to understand what’s required of your plan for compliance before your 401(k) audit begins.

There are many potential sources of errors that cause compliance issues. Some of the more common examples include:

• Lack of review concerning the definition of compensation and payroll systems
• Lack of cohesion between plan provisions and actual practices
• Lack of timely deposits of participant deferrals

4. Review Your Internal Controls

Many smaller private businesses with fewer than 100 employees often struggle to prioritize internal controls, but they are essential to the successful management of a 401(k) plan, and they will be examined in your 401(k) audit.

Are you familiar with your company’s internal controls? What about controls for your vendors?

Many sponsors misjudge that if an outside recordkeeper and custodian handle their 401(k) plan, then fraud or errors are unlikely to occur. Unfortunately, when there is a lack of oversight present, there is always the possibility of fraud to occur.

Many third-party administrators produce a System and Organization Controls Report (SOC 1) that details the control structure in place, as well as often contains results and tests of the control structure effectiveness.

These can be valuable for auditors and sponsors in examining the plans that they administer. Note that there is a section in the SOC 1 that outlines what plan sponsors need to do to effectively utilize the third-party administrator.

What Do I Need for Form 5500?

The 401(k) audit is a key step in fulfilling the requirement to file a Form 5500 for both small and large business entities. However, if you are considered a large plan, there are additional reports that are required for the 401(k) audit and for the Form 5500 process.

Specifically, a large 401(k) plan must have a Schedule H attached to Form 5500. This supplementary document requires greater detail than the short form filing (Form 5500-SF). All details, as part of this form, must be reviewed by the auditor.

How Do I Get Help with My 401(k) Audit?

The more knowledgeable you are of the 401(k) audit requirements and process, the more prepared you will be and the more efficient the entire process will be for your staff, company and the auditor.

If you need help navigating the process of managing your 401(k) audit, contact the benefit plan advisors at Warren Averett.

This article was originally published on December 21, 2020 and most recently updated on May 26, 2023.