Employee Benefit Plan Audits: A Comprehensive Guide to Understanding Requirements and Navigating the Process 

The Employee Retirement Income Security Act (ERISA) is a federal law that applies to most private employers and establishes standards for health, retirement and other welfare benefit plans in order to protect both employees and employers. ERISA applies to any private entity that offers benefit plans that fall under their scope of authority. This legislation requires that employers comply with specific standards, one of which includes an employee benefit plan audit requirement. Enter: employee benefit plan audits.

An audit of an employee benefit plan (EBP) involves the examination of financial statements provided by a third party to the DOL, plan management and plan participants. Going through an EBP audit can be a daunting process, especially if you’re going through the process for the first time.

Chapter 1:

What is an Employee Benefit Plan Audit and Why Is It Important?

To fully grasp the importance of an EBP audit, it’s wise to examine what EBP audits entail and the ultimate objective of these audits.

What is an EBP Audit?

Did You Know?
The term “employee benefit plan” refers to a pension, 401(k) or profit-sharing plan, and the primary aim of an EBP audit is to accurately gauge the ability of the EBP to cover current and future benefits and payments. In short, it assesses the viability of your plan.

An audit of an EBP must employ the Generally Accepted Audit Standards (GAAS) and adhere to Department of Labor (DOL) and ERISA regulations. In addition, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) establishes the standard for an EBP audit, and the Professional Ethics Executive Committee administers independent ethical standards.

An EBP audit can be a complex undertaking. The plan’s financial reporting and the audit environment both provide unique factors in an EBP audit and can make this process much more complex than a standard audit.

These unique factors may include:

  • Regulations of the Internal Revenue Service (IRS) and Department of Labor (DOL)
  • Federal and state laws
  • Special reporting and audit requirements
  • Nature of the plan operations

What happens during an EBP audit?

During an EBP audit, your engaged audit firm examines whether the financial statements contain any material misstatements that may result from fraudulent reporting or due to unintentional errors. The findings from the audit provide the basis on which the auditor reports on the financial statements concerning the EBP.

Audit procedures seek to:

  • Ensure the plan sponsor fulfills its fiduciary duty to the plan’s participants;
  • Provide insight into the sponsor’s control environment and internal control processes, and
  • Identify possible weaknesses, operational errors and potential fraud risks.

In addition to these aims, the DOL looks to the auditor to provide their judgment on the accuracy and material fairness of information submitted as part of the Form 5500.

This process also includes highlighting areas of weakness or operational errors which can be addressed to enhance the operations of the EBP. Lastly, an EBP audit assists the sponsor of the EBP in carrying out the legal requirement to file the Form 5500.

Who is involved in an organization’s EBP audit?

In general, the plan sponsor’s human resources and financial accounting departments, an actuary (for defined benefit and/or HW plans), a third-party administrator, ERISA legal counsel, investment trustees and administrators, as well as an independent auditor, may all play a significant role in this process, as applicable.

What is the objective and importance of an EBP audit?

The primary objective of ERISA is to protect participants and their benefits in an EBP. ERISA helps to look out for employees by ensuring that EBPs abide by guidelines that prevent any misuse of plan assets on the part of the administrators of the employee benefit plan. Hiring an independent certified public accountant (CPA) to audit your financial statements to ensure your plan is adhering to relevant legislation is standard practice when your plan reaches certain-participant-count thresholds.

The audit of the financial statements of an employee benefit plan is essentially a safeguard. It is meant to protect the financial integrity of the plan to provide health, retirement and other associated benefits of the plan to participants over the term of payments.

However, the benefits of an EBP audit don’t stop there.

Revelations from an audit can also assist your company in streamlining and making the operations of the plan more efficient. With audit results in hand, you’ll be able to more accurately evaluate the strengths (or weaknesses) of the internal controls involved in financial reporting.

The conclusion of the audit reinforces that your plan will have the funds available to pay benefits to respective participants when these benefits become due. With multiple stakeholders who are part of the financial reporting process, this becomes necessary to determine accuracy. Companies also benefit from pinpointing areas of weakness or operational errors and with assistance in carrying out the legal requirements of Form 5500. The regulations, therefore, can be viewed as a chance to strengthen your internal processes and prove viability of your plan.

Chapter 2:

Determining if You Need an Employee Benefit Plan Audit

You may be wondering if an EBP is even required of the plan you provide. Determining the answer can, at times, be complex without some guidance. Let’s review some basic high-level principles for audit requirements.

How do you determine if an audit is required for your employee benefit plan?

One key determiner is the size of your plan.

Employee Retirement Income Security Act (ERISA) guidelines generally require employee benefit plans with 120 or more eligible participants at the beginning of the plan year to have an audit of the plan’s financial statements.

So, if your EBP consists of fewer than 120 eligible participants at the start of the plan year and you file as a Small Plan (Schedule 1) for your Form 5500, you do not require an audit. However, if you file as a Large Plan (the accompanying Schedule H) with more than 100 eligible participants, you will require an audit.

While this is the general rule, there are other important factors to consider, as well as other exceptions relative to health and welfare plans depending on whether the plan is considered funded or non-funded.

You should be aware of a few exceptions:

1. 80-120 Rule
If the number of participants reported on line 5 of Form 5500 is between 80 and 120, and a Form 5500 annual return/report was filed for the prior plan year, the plan may elect to complete the Form 5500 in the same category (”large plan” or ”small plan”) as was filed for the prior return/report. Thus, if a Form 5500 annual return/report was filed for the prior plan year as a small plan, including Schedule I if applicable, and the number entered on line 5 of the current year Form 5500 is 120 or less, the plan may elect to complete the current Form 5500 and schedules in accordance with the instructions for a small plan, including for eligible filers, filing Form 5500-SF instead of Form 5500.

2. Short Plan Year Rule
If the plan had a short plan year of seven (7) months or less for either the prior plan year or the plan year being reported on the current Form 5500, an election can be made to defer filing the audit in accordance with 29 CFR 2520.104-50. If such an election was made for the prior plan year, the current Form 5500 must be completed following the requirements for a large plan, including the attachment of Schedule H and the audit reports, regardless of the number of participants entered in Part II, line 5.

What is an eligible participant?

Importantly, you’ll need to be crystal clear on how many plan participants you have. But this isn’t as easy as it sounds.

Determining who qualifies as an eligible participant may not be as straightforward as you first think. An eligible participant includes:

  • All active employees who have met the eligibility provisions of the plan
  • Retired or separated participants receiving benefits
  • Other retired or separated participants entitled to future benefits

You can see there are a lot of exceptions and/or rules which may trigger the audit requirement. This is why is it critical to discuss all of these scenarios with your third-party administrator (TPA) and/or accountant to ascertain whether an audit is required.

Chapter 3:

Preparing for the Employee Benefit Plan Audit Process 

Once you have determined eligibility, the next step is to consider all of the detailed reporting requirements as well as selecting an audit firm.

We’ve all heard the old adage “an ounce of prevention is worth a pound of cure.” This is especially true when it comes to employee benefit plan (EBP) audits. A successful employee benefit plan audit requires you to prepare ahead of time to ensure the process moves smoothly and minimizes time and cost for all parties involved.

Here are a few ways you can ensure the process proceeds as smoothly as possible.

Organize Your Documents (EBP Audit Requirements Checklist)

Provision and organization of plan-related documents must come first. To get prepared, make sure that your plan-related documents are current, organized and easily accessible. This applies to not only your independent audit but also to your 401(k) plan if it is selected to be audited by the DOL.

Below, we’ve provided a checklist of important documentation and statements needed to effectively complete the audit. Many of these items can be provided by the third-party administrator and/or the plan’s investment custodian.

In addition, the company itself must provide copies of reports from both payroll and human resources that relate to the plan participants, such as those showing employer contributions, process narratives and participant loan details and support:

  • Plan documents and all amendments, including trust documents and summary plan description
  • Summary annual reports for the period under audit
  • Fiduciary insurance and bond documentation
  • Internal income and disbursement statements
  • IRS determination letter
  • Meeting minutes from committee or subcommittee meetings
  • Plan financial records, including account statements and ledgers
  • Service provider contracts
  • Support for a sample of participant benefit payments
  • Process narratives for hiring and paying plan professionals
  • A draft of Form 5500
  • All documents related to service provider fees, including fee schedules and compensation paid to professionals by the plan
  • Contracts with fiduciaries and other service providers, including details and dates for services provided as agreed upon
  • Any ERISA compliance policies or procedures adopted by the plan or sponsor
  • All documents related to plan investment performance (which includes an investment policy statement)
  • All documents related to administrative expenses (direct or indirect) related to the plan
  • Documents showing the names and service times of board members and officers of the plan sponsor
  • Documents showing timeliness of employer contributions and support for authorization and payment of participant loans
  • Documentation showing the procedures for handling participant loans, if applicable (because loan administration and repayment of loans is a frequent issue in audits)
  • Various participant-related documentation to support a participant sample selected by the auditor

All of the above-mentioned documentation and support are needed to effectively perform the EBP audit.

Familiarize Yourself with Your Fiduciary Responsibility

Careful attention to an employee benefit plan and effective fiduciary policy and oversight demonstrate that responsible controls are in place. Plan sponsors must understand that there are associated risks in being a fiduciary and that they could be liable for any breach in their responsibilities.

Understand Operational Compliance

Plan documents specifications should dictate how an employee benefit plan is operating. If there are compliance issues, they must be addressed so that the plan can be brought into compliance with the DOL and IRS regulations.

Some of the more common examples of noncompliance include:

  • Lack of review concerning the definition of compensation and payroll systems
  • Lack of cohesion between plan provisions and actual practices
  • Lack of timely deposits of participant deferrals

Review Your Internal Controls

Often, smaller businesses struggle to prioritize controls. It’s not uncommon for sponsors to believe that if an outside recordkeeper and custodian handle their employee benefit plan, then fraud or errors are unlikely to occur. But there is always the possibility of fraud to occur. For this reason, many TPAs produce a System and Organization Controls Report (SOC 1) that details the control structure in place.

Choose the Right Auditor for Your Company

Some of the most important considerations in selecting your auditor include competence, adherence to standards, familiarity with required procedures and DOL guidance. Here’s a closer look at each of these standards:

Establishing Competence and Expertise – With nearly 40% of audits reviewed by the DOL featuring major deficiencies, this guideline should be at the top of your list. A major contributor to the high rate of EBP audit deficiencies discovered by the DOL is the lack of training and experience of EBP auditors. There are unique aspects of an audit involving an EBP that require specific knowledge and experience to perform required duties comprehensively and effectively. It’s a good idea to seek someone who is a member of the AICPA Employee Benefit Plan Audit Quality Center. This organization aims to provide quality audit services to clients by adhering to established auditing standards.

Certification and Adherence to Standards – As a first step, make sure that the auditor of an EBP is certified or licensed as a certified public accountant by the state regulatory authority. It varies from state to state, but some jurisdictions require that audits must be independently reviewed. Licensed auditors must inspect the audit and the audit process to make sure that standards are upheld, a system known as “peer review.”

Familiarity with Required Procedures – Make sure your auditor understands up-to-date plan documents that relate to the period being audited. Any amendments to the plan documents need to be considered to effectively perform the required risk-assessment examinations. For example, your auditor needs to consider the relevant plan provisions impacting the risk of any material misstatement of account balances, disclosures and transactions. Another area that falls under the purview of your auditor is whether transactions that are prohibited for the EBP that have been identified by plan administrators or discovered in the auditing process are accurately reported in the supplemental schedules. (This is required even if the effects of nonexempt prohibited transactions are immaterial to the financial statements of the EBP.)

The Department of Labor’s Guidance on Auditor Selection – Obtain helpful guidance from the DOL. Their recommendations are to consider the following auditor qualifications:

  • Their auditing experience with similar EBPs
  • References from the auditor
  • Their licenses

In addition, the DOL suggests that the plan administrator should ask the auditor specifically about the importance of an audit engagement letter, the scope of the audit and what steps occur at the end of the audit.

Chapter 4:

The Process of An Employee Benefit Plan Audit 

This comprehensive review from the third-party auditor occurs in three phases: (1) providing your requirements, (2) fieldwork and (3) audit results, reports and financial statements.

Phase 1: Providing Requirements

The first step is to provide your auditor with the documentation and requirements needed to complete the audit. Companies should pay particular attention to the completeness and detail of the information provided to the auditors to avoid issues and to minimize potential further investigation by the Department of Labor (DOL).

Phase 2: Fieldwork

While on-site or remotely, the auditor will meet with company personnel responsible for the EBP plan and gain an understanding of the internal controls, accounting processes and risks. You should expect an auditor to review a sampling of distributions, loans and employees and request the supporting files and documentation for the samples selected.

In all, the fieldwork phase can take between a few days and one week. According to the AICPA, an EBP audit considers financial statements that cover the following areas:

Benefit payments – An EBP audit will determine whether payments from the plan are made in accordance with related documents and plan provisions. The audit also verifies whether payments are made only to individuals entitled to receive benefits through the EBP plan.

Contributions from the employer and employee – Another critical area of an employee benefit plan audit is to determine whether the employer’s and employee’s contributions have been properly recorded, withheld, remitted timely and disclosed in the financial statements.

Participant data – An EBP auditor will apply various procedures to verify that all employees have been properly included in the plan. Auditors must understand how an employee participates in an employee benefit plan, the proper employee classification and how contributions are allocated.

Investments and investment income – Whether a full-scope audit or a limited scope audit is being conducted matters a great deal: It determines the method in which investments are tested. Because investments account for the greatest share of assets in an employee benefit plan audit, it is crucial to consider these implications.

Liabilities and plan obligations – An actuary will likely test plan obligations to determine whether plan liabilities are included in the financial statements. An auditor will also assess whether plan obligations are accurately estimated and included in the financial statements.

Participant allocations – An EBP audit will ensure that transactions and net assets are allocated to participant accounts as stipulated in the plan documents. These areas include income allocations, contributions, forfeiture allocations and expense allocations.

Administrative expenses – Expenses are tested to verify that they follow agreements and are properly classified. Expense tests also determine whether the expenses are recorded accurately and in the proper period.

 Loans to participants – An auditor will test the loans to participants and the resulting interest to verify that the amounts have been recorded, valued, identified and disclosed properly in the financial statements.

Phase 3: Results

Finally, once the fieldwork review of the EBP audit requirements is completed, the auditor will provide a draft of the financial statements, report and correspondence related to any internal control deficiencies uncovered during the review.

Once approved, the auditor will provide the company with a finalized report and audited financial statements to be attached to the Form 5500 that is submitted to the DOL.

Chapter 5:

An Introduction to Form 5500

Because of the new ERISA guidelines for EBP audits, understanding Form 5500 is more critical now than ever before.

What is Form 5500?

Did You Know?
The Form 5500 provides federal agencies with an annual report to use as a framework. Form 5500 includes information about the benefit plans that are offered by employers, as well as the finances and operations of these plans.

It’s one of the most essential documents in ERISA’s disclosure and reporting framework, born from the collaboration of these three U.S. government agencies:

  • the Pension Benefit Guaranty Corporation (PBGC)
  • the Internal Revenue Service (IRS)
  • the Department of Labor (DOL)

Is Form 5500 only for Employee Benefit Plans?

The following plans are also subject to Form 5500 filings if they have 100 employees or more: medical, vision, dental or other health plan, any life insurance plan, flexible spending account, cafeteria plan, vacation, holiday, disability or any other employee benefit plan or fringe benefit plan.

What are the types of Form 5500?

At the start of filing your Form 5500, you first need to identify which type you need to submit. The type of Form 5500 that is needed depends on the plan. There are three main types that are used.

  • Form 5500 is generally used for an EBP that contains at least 100 participants, and it typically requires schedules and attachments.
  • Form 5500-SF is generally used for organizations with fewer than 100 participants in their EBP. With significantly fewer reporting responsibilities on employers for filing their reports, this type of form is much less intensive. Because of the smaller number of participants, these plans usually don’t require an audit.

What Information Goes in the Form 5500?

Form 5500 consists of the main form, in addition to various schedules and attachments that supplement the comprehensiveness of the main form.

To complete Form 5500, details about your specific employee benefit plan must be submitted. These include the following, if applicable:

  • Accountant report, if the plan meets threshold for an audit requirement
  • Actuary contact information (defined pension plan)
  • Information concerning all insurance contracts used (in the event the plan has insurance contracts)
  • Schedules concerning liabilities and assets

The Form 5500 encompasses areas that include: the starting date of your plan, details concerning the number of participants in the plan, plan sponsor details, details of the plan administrator, information regarding the funding of the plan and provided benefits, as well as attached schedules.

Understanding which schedules you are required to submit can present a great challenge. Schedules to accompany Form 5500 may include:

  • Schedule A – covers insurance information
  • Schedule C – deals with service provider information
  • Schedule D – encompasses information concerning the direct filing entity
  • Schedule G – refers to financial transactions of the plan
  • Schedule H – financial information for a large EBP
  • Schedule I – financial information for a small EBP
  • Schedule MB – pertains to multi-employer defined benefit plans as well as certain money purchase plan actuarial information
  • Schedule R – covers information for retirement plans
  • Schedule SB – relevant for single-employer defined benefit plans and details actuarial information

An experienced EBP auditor will help you determine that all the correct schedules and required documents are submitted with your Form 5500 filing.

How is Form 5500 Filed?

Be aware that the DOL requires Form 5500 to be filed electronically by using the ERISA Filing Acceptance System (EFAST2) program. This system is designed to help simplify the processing, submission and receipt of your Form 5500.

Who Needs to File a Form 5500?

Often, a company’s finance, HR or operations department, or any combination of these departments, will prepare the Form 5500. However, it’s the administrator of an EBP who is ultimately responsible for filing the relevant Form 5500. Alternatively, a third-party administrator may be used to file Form 5500.

When is Form 5500 Filed?

An EBP plan must file Form 5500 before the end of seven months following the plan year-end. For example, an EBP that follows the calendar year (ending December 31), must file Form 5500 by the following July 31.

What are the potential penalties for Form 5500 Issues?

Take the time to carefully review your information and submit your Form 5500 by the required deadline in order to avoid penalties or delays in processing. Substantial penalties or fines may be imposed by the IRS or the DOL if you fail to file or fail to meet the filing requirements for Form 5500.

These examples offer some perspective on penalties that have been assessed:

  • Up to $2,194 per day penalty assessed to the plan administrator
  • $150 per day per annual report filing penalty (up to a maximum of $50,000) for a deficient auditor report
  • $100 per day per annual report filing penalty (up to a maximum of $36,500) for a report filing containing deficient financial information
  • $10 daily penalty for failure to answer a question on Form 5500 (up to a maximum of $3,650)

Taking into account the complex requirements, it’s easy to see how engaging with the right auditor can be a crucial difference between assurance and risk for potential negative outcomes. With that in mind, let’s explore how to effectively choose an auditor and navigate the process wisely.

Chapter 6:


Whether your plan has been audited by the same firm for 10-plus years or whether your plan has just met the initial audit threshold, we are here to help. Warren Averett is dedicated to helping clients manage their employee benefit plans with the utmost credibility and confidence. Warren Averett conducts audits for more than 300 employee benefit plans on an annual basis, which ranks in the top 1% of accounting firms. Our audits handle EBPs that range from under $1 million to in excess of $12 billion in assets for both private and public companies.

Our team members are experts in auditing standards, the Securities and Exchange Commission (SEC) regulations, and the Department of Labor and Employee Retirement Income Security Act filing requirements. We are members of the AICPA Employee Benefit Plan Audit Quality Center and take pride in our stellar track record of having the DOL find zero deficiencies in our audits.

Warren Averett has the expertise you need to ensure quality audits in this complex field. Contact us today and let us help you prepare for tomorrow.