The Employee Retirement Income Security Act (ERISA) is a federal law that applies to most private employers and establishes standards for health, retirement and other welfare benefit plans in order to protect both employees and employers. ERISA applies to any private entity offering benefit plans that fall under its scope of authority. This legislation requires that employers comply with specific standards, one of which includes an employee benefit plan audit requirement. Enter: employee benefit plan audits.
An audit of an employee benefit plan (EBP) involves the examination of financial statements provided by a third party to the DOL, plan management and plan participants. Going through an EBP audit can be a daunting process, especially if you’re going through the process for the first time.
To fully grasp the importance of an EBP audit, it’s wise to examine what EBP audits entail and the ultimate objective of these audits.
The term “employee benefit plan” refers to a pension, 401(k) or profit-sharing plan, and the primary aim of an EBP audit is to accurately gauge the ability of the EBP to cover current and future benefits and payments. In short, it assesses the viability of your plan.
An audit of an employee benefit plan must employ the Generally Accepted Audit Standards (GAAS) and adhere to Department of Labor (DOL) and ERISA regulations. In addition, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) establishes the standard for an EBP audit, and the Professional Ethics Executive Committee administers independent ethical standards.
An employee benefit plan audit can be a complex undertaking. The plan’s financial reporting and the audit environment both provide unique factors that can make the process of an employee benefit plan audit much more complex than a standard audit.
These unique factors may include:
During an EBP audit, your engaged audit firm examines whether the financial statements contain any material misstatements that may result from fraudulent reporting or unintentional errors. The findings from the audit provide the basis on which the auditor reports on the financial statements concerning the EBP.
Audit procedures seek to:
In addition to these aims, the DOL looks to the auditor to provide their judgment on the accuracy and material fairness of information submitted as part of the Form 5500.
This process also includes highlighting areas of weakness or operational errors, which can be addressed to enhance the operations of the EBP. Lastly, an employee benefit plan audit assists the sponsor of the EBP in carrying out the legal requirement to file the Form 5500.
In general, the plan sponsor’s human resources and financial accounting departments, an actuary (for defined benefit and/or HW plans), a third-party administrator, ERISA legal counsel, investment trustees and administrators, as well as an independent auditor, may all play a significant role in this process, as applicable.
The primary objective of ERISA is to protect participants and their benefits in an employee benefit plan. ERISA helps to look out for employees by ensuring that EBPs abide by guidelines that prevent any misuse of plan assets on the part of the administrators of the employee benefit plan. Hiring an independent certified public accountant (CPA) to audit your financial statements to ensure your plan is adhering to relevant legislation is standard practice when your plan reaches certain-participant-count thresholds.
The audit of the financial statements of an employee benefit plan is essentially a safeguard. It is meant to protect the financial integrity of the plan to provide health, retirement and other associated benefits of the plan to participants over the term of payments.
However, the benefits of an EBP audit don’t stop there.
Findings from an audit can also assist your company in streamlining and making the operations of the plan more efficient. With EBP audit results in hand, you’ll be able to more accurately evaluate the strengths (or weaknesses) of the internal controls involved in financial reporting.
The conclusion of the EBP audit reinforces that your plan will have the funds available to pay benefits to respective participants when these benefits become due. With multiple stakeholders involved in the financial reporting process, this becomes necessary to determine accuracy. Companies also benefit from pinpointing areas of weakness or operational errors and with assistance in carrying out the legal requirements of Form 5500. The regulations, therefore, can be viewed as a chance to strengthen your internal processes and prove the viability of your plan.
You may be wondering if an EBP audit is even required of the plan you provide. Determining the answer can, at times, be complex without some guidance. Let’s review some basic high-level principles for audit requirements.
Until 2023, plans had to count all employees who were eligible to participate in the plan to determine if an audit was required. Generally, plans with 100 eligible participants or more required an audit.
Since then, the DOL has amended requirements, so only plans that have 100 participants or more with account balances at the start of the plan year will need an employee benefit plan audit. This means that many smaller plans that formerly were required to have an audit are not required to do so anymore.
The DOL’s objective behind this change was to align the costs of audits with the benefits. By focusing on account balances rather than overall plan eligibility, the DOL hoped to reduce the number of plans requiring audits, benefiting smaller plans in terms of costs and administrative burden.
Once you have determined eligibility, the next steps are to consider all of the detailed reporting requirements and to select an EBP audit firm.
We’ve all heard the old adage “an ounce of prevention is worth a pound of cure.” This is especially true when it comes to employee benefit plan audits. A successful employee benefit plan audit requires you to prepare ahead of time to ensure the process moves smoothly and minimizes time and cost for all parties involved.
Here are a few ways you can ensure the process proceeds as smoothly as possible.
Provision and organization of plan-related documents must come first. To get prepared, make sure that your plan-related documents are current, organized and easily accessible. This applies to not only your independent audit but also to your 401(k) plan if it is selected to be audited by the DOL.
Below, we’ve provided a list of important documentation and statements needed to effectively complete the employee benefit plan audit. Many of these items can be provided by the third-party administrator and/or the EBP’s investment custodian.
In addition, the company itself must provide copies of reports from both payroll and human resources that relate to the plan participants, such as those showing employer contributions, process narratives and participant loan details and support:
All of the above-mentioned documentation and support are needed to effectively perform the EBP audit.
Careful attention to an employee benefit plan and effective fiduciary policy and oversight demonstrate that responsible controls are in place. EBP sponsors must understand that there are associated risks in being a fiduciary and that they could be liable for any breach in their responsibilities.
EBP document specifications should dictate how an employee benefit plan is operating. If there are compliance issues, they must be addressed so that the plan can be brought into compliance with the DOL and IRS regulations.
Some of the more common examples of noncompliance include:
Often, smaller businesses struggle to prioritize controls. It’s not uncommon for EBP sponsors to believe that if an outside recordkeeper and custodian handle their employee benefit plan, then fraud or errors are unlikely to occur. But there is always the possibility of fraud. For this reason, many third-party administrators produce a System and Organization Controls Report (SOC 1) that details the control structure in place.
Some of the most important considerations in selecting your employee benefit plan auditor include competence, adherence to standards, familiarity with required procedures and DOL guidance. Here’s a closer look at each of these standards:
 |
Establishing Competence and Expertise – A major contributor to EBP audit deficiencies is the lack of training and experience of EBP auditors. There are unique aspects of an EBP audit that require specific knowledge and experience to perform required duties comprehensively and effectively. It’s a good idea to find a member of the AICPA Employee Benefit Plan Audit Quality Center. This organization aims to provide quality audit services to clients by adhering to established auditing standards. |
 |
Certification and Adherence to Standards – As a first step, make sure that your employee benefit plan auditor is certified or licensed as a certified public accountant by the state regulatory authority. It varies from state to state, but some jurisdictions require that EBP audits be independently reviewed. Licensed auditors must inspect the audit and the audit process to make sure that standards are upheld, a system known as “peer review.” |
 |
Familiarity with Required Procedures – Make sure your employee benefit plan auditor understands up-to-date plan documents that relate to the period being audited. Any amendments to the plan documents need to be considered to effectively perform the required risk-assessment examinations. For example, your EBP auditor needs to consider the relevant plan provisions impacting the risk of any material misstatement of account balances, disclosures and transactions. Another area that falls under the purview of your auditor is whether transactions that are prohibited for the EBP and identified by plan administrators or discovered in the auditing process are accurately reported in the supplemental schedules. (This is required even if the effects of nonexempt prohibited transactions are immaterial to the financial statements of the EBP.) |
 |
The Department of Labor’s Guidance on Auditor Selection – Obtain helpful guidance from the DOL. Their recommendations are to consider the following employee benefit plan auditor qualifications:
|
In addition, the DOL suggests that the EBP administrator should ask the auditor specifically about the importance of an audit engagement letter, the scope of the audit and what steps occur at the end of the audit.
This comprehensive review from the third-party auditor occurs in three phases: (1) providing your requirements, (2) fieldwork and (3) audit results, reports and financial statements.
The first step is to provide your auditor with the documentation and requirements needed to complete the audit. Companies should pay particular attention to the completeness and detail of the information provided to the employee benefit plan auditors to avoid issues and to minimize potential further investigation by the Department of Labor (DOL).
While on-site or remote, the employee benefit plan auditor will meet with company personnel responsible for the EBP plan and gain an understanding of the internal controls, accounting processes and risks. You should expect an EBP auditor to review a sampling of distributions, loans and employees and request the supporting files and documentation for the samples selected.
In all, the fieldwork phase can take between a few days and one week. According to the AICPA, an employee benefit plan audit considers financial statements that cover the following areas:
 |
Benefit payments – An employee benefit plan audit will determine whether payments from the plan are made in accordance with related documents and plan provisions. The audit also verifies whether payments are made only to individuals entitled to receive benefits through the EBP. |
 |
Contributions from the employer and employee – Another critical area of an employee benefit plan audit is to determine whether the employer’s and employee’s contributions have been properly recorded, withheld and remitted in a timely way and disclosed in the financial statements. |
 |
Participant data – An EBP auditor will apply various procedures to verify that all employees have been properly included in the plan. Auditors must understand how an employee participates in an employee benefit plan, the proper employee classification and how contributions are allocated. |
 |
Investments and investment income – Whether a non-ERISA 103(a)(3)(C) audit (formerly, full-scope audit) or an ERISA 103 (a)(3)(C) (formerly, limited scope audit) is being conducted matters a great deal: it determines the method in which investments are tested. Because investments account for the greatest share of assets in an employee benefit plan audit, it’s crucial to consider these implications. |
 |
Liabilities and plan obligations – An actuary will likely test plan obligations to determine whether plan liabilities are included in the financial statements. An employee benefit plan auditor will also assess whether plan obligations are accurately estimated and included in the financial statements. |
 |
Participant allocations – An EBP audit will ensure that transactions and net assets are allocated to participant accounts as stipulated in the plan documents. These areas include income allocations, contributions, forfeiture allocations and expense allocations. |
 |
Administrative expenses – Expenses are tested to verify that they follow agreements and are properly classified. Expense tests also determine whether the expenses are recorded accurately and in the proper period. |
 |
Loans to participants – An employee benefit plan auditor will test the loans to participants and the resulting interest to verify that the amounts have been recorded, valued, identified and disclosed properly in the financial statements. |
Finally, once the fieldwork review of the EBP audit requirements is completed, the auditor will provide a draft of the financial statements, report and correspondence related to any internal control deficiencies uncovered during the review.
Once approved, the auditor will provide the company with a finalized report and audited financial statements to be attached to the Form 5500 that is submitted to the DOL.
Understanding Form 5500 is a critical aspect of having a successful employee benefit plan audit.
The Form 5500 provides federal agencies with an annual report to use as a framework. Form 5500 includes information about the benefit plans that are offered by employers, as well as the finances and operations of these plans.
It’s one of the most essential documents in ERISA’s disclosure and reporting framework, born from the collaboration of these three U.S. government agencies:
The following plans are also subject to Form 5500 filings: medical, vision, dental or other health plan, any life insurance plan, flexible spending account, cafeteria plan, vacation, holiday, disability, or any other employee benefit plan or fringe benefit plan.
Form 5500 consists of the main form, in addition to various schedules and attachments that supplement the comprehensiveness of the main form.
To complete Form 5500, details about your specific employee benefit plan must be submitted. These include the following, if applicable:
The Form 5500 encompasses areas that include: the starting date of your plan, details concerning the number of participants in the plan, plan sponsor details, details of the plan administrator, information regarding the funding of the plan and provided benefits, as well as attached schedules.
Understanding which schedules you are required to submit can present a great challenge. Schedules to accompany Form 5500 may include:
An experienced employee benefit plan auditor will help you determine that all the correct schedules and required documents are submitted with your Form 5500 filing.
Be aware that the DOL requires Form 5500 to be filed electronically using the ERISA Filing Acceptance System (EFAST2) program. This system is designed to help simplify the processing, submission and receipt of your Form 5500.
Often, a company’s finance, HR or operations department, or any combination of these departments, will prepare the Form 5500. However, it’s the administrator of an EBP who is ultimately responsible for filing the relevant Form 5500. Alternatively, a third-party administrator may be used to file Form 5500.
An employee benefit plan must file Form 5500 before the end of seven months following the plan year-end. For example, an EBP that follows the calendar year (ending December 31), must file Form 5500 by the following July 31.
Whether your employee benefit plan has been audited by the same firm for 10-plus years or whether your plan has just met the initial audit threshold, we are here to help. Warren Averett is dedicated to helping clients manage their employee benefit plans with the utmost credibility and confidence.
Our team members are experts in auditing standards, the Securities and Exchange Commission (SEC) regulations, and the Department of Labor and Employee Retirement Income Security Act filing requirements. We are members of the AICPA Employee Benefit Plan Audit Quality Center and take pride in our stellar track record of the DOL finding zero deficiencies in our audits.
Warren Averett has the expertise you need to ensure quality audits in this complex field. Contact us today and let us help you prepare for tomorrow.
