Doug StegerBy Doug Steger, Manager

Federal law requires the annual audit of a defined benefit or defined contribution retirement plan—including the 401(k) plans—when the plan’s total number of eligible participants reaches 100. The primary objective of an audit is to ensure the 401(k) or other retirement plan is in compliance with both government regulations and requirements specified within the plan documents. When the plan reaches 100 participants, the plan administrator is required to hire a qualified third party CPA firm to conduct an independent audit of the retirement plan.

While the components of a 401(k) audit can be complex—particularly for organizations that have never been audited before—there are a few pieces of information that can help your company navigate its way through the process.

Form 5500

Administrators of 401(k) plans must file an annual Form 5500 with the IRS and Department of Labor (DOL). Administrators of large plans (which are plans with over 100 participants at the beginning of the plan year), must also file audited financial statements with the Form 5500. While administrators of small plans (those with fewer than 100 participants at the beginning of the plan year), are just required to file a Form 5500 (unless certain conditions are present).

The filing deadline for Form 5500 is July 31st but it can be extended to October 15th. Form 5500 must also be filed electronically with the EFAST2 filing system designed by the DOL, IRS and Pension Benefit Guaranty Corporation.

Who’s the Right Independent Auditor?

When looking for independent auditors there are a number of variables companies need to keep in mind before making a selection. Auditors need to be familiar with the ERISA (Employee Retirement Income Security Act), IRS (Internal Revenue Service) and DOL (Department of Labor) regulations, tax and other special requirements of 401(k) plans. The independent auditor should also be a public accountant who is certified or licensed by a state agency. Specifically, independent auditors need to be familiar with the following 401(k) plan’s special requirements:

  • Non-discrimination testing
  • Participant eligibility
  • Investment allocations
  • SOC-1 reports
  • Hardship rules
  • ERISA Bonding requirements
  • Limited Scope certification
  • Late remittance of contributions
  • Prohibited transactions
  • Safe Harbor methods
  • Required Supplemental Schedules required in the Audit
  • 80-120 participant rule

Small vs. Large Plans

The 80-120 rule allows businesses that have between 80-120 participants at the beginning of the plan year to file the same form that was filed the previous year. This allows businesses with Small Plans of fewer than 100 participants to continue to file as a Small Plan until it exceeds 120 participants at the beginning of the plan year.

The plan’s participant count is based on when an employee satisfies the plan’s eligibility requirements (i.e. set number of days worked, minimum annual hours) – not if they actually enroll in the plan or not. Note, all active participants, eligible participants, and terminated participants (separated, retired or deceased) still having plan balances, are included in the count.

Under certain conditions, a Small Plan may be audited. Audits are required for Small Plans if they meet the below criteria:

  • If more than 5% of the assets are nonqualifying plan assets, then any person who handles the nonqualifying plan assets must be covered by a fidelity bond (and the amount of the fidelity bond must be at least equal to the value of the related assets).
  • The summary annual report must contain the required disclosures.
  • If requested by a participant or beneficiary, the plan administrator must make available for examination without charge, or upon request furnish copies of, each regulated financial institution statement and evidence of any required bond.

Limited Scope Audits

Limited Scope audits are permitted by the Department of Labor’s Rules and Regulations for Reporting and Disclosure under ERISA. To qualify as a Limited Scope audit, the financial information relating to the 401(k) plan must be certified by a bank or similar institution or by an insurance carrier that is regulated and subject to federal and state agencies and acts as the trustee or custodian of the plan’s assets. The trustee or custodian needs to certify the accuracy and completeness of the financial information provided. This helps to prevent the auditor from having to perform as many audit procedures.

The information that qualifies for Limited Scope audits applies to investment information, which includes investments, investment income and related investment expenses. If the plan has participant loans, the trustee can also certify these. Information that doesn’t qualify for Limited Scope is related to investment allocations of participants and investment earnings allocated to each participant’s account. Therefore, auditors still need to perform audit procedures in these areas.

Fraud

One of the key functions of 401(k) audits is to protect employee benefit plans from fraud—a main concern of the DOL and IRS. The most common form of fraud is misappropriation of assets or fraudulent financial reporting. Those specific areas of fraud are related to improper valuation of investments, incorrect vesting of plan participants, ineligible participants in the plan, and/or improper benefit disbursements. During periods with difficult economic conditions, Plans can have partial terminations when 20 percent or more of the workers lose jobs from layoffs or closures. The Internal Revenue Code requires that all affected employees must become fully vested.

Common Audit Pitfalls

It’s important to keep in mind that the DOL is very strict when it comes to audits and they have noted high rates of deficiencies in the following areas:

  • No audit documentation or testing related to the following audit areas: participant data, eligibility, forfeitures, investment income allocations, contributions, timeliness of employee contributions, employee deferrals, benefit payments
  • Inappropriate reliance or failure to understand requirements of limited scope engagements or with SOC-1 reports
  • Failure to include required supplementary schedules relating to DOL and ERISA
  • Missing required disclosures on financial statements
  • No testing of payroll data or related party transactions

401(k) audits usually involve testing in the following transaction areas: eligibility (i.e. hiring dates and birth dates), contributions/payroll, benefit testing, payroll remittance testing, investment allocation testing, and expense testing. Other factors that are tested if they apply to your plan are rollover contribution testing and participant loan testing.

Working with an experienced CPA firm to perform your company’s 401(k) audit, and having your organization’s documentation readily available and organized will help ensure that your company remains compliant with the IRS and DOL’s regulations.

---

The information contained in the Knowledge Center is intended solely to provide general guidance on matters of interest for the personal use of the reader, who accepts full responsibility for its use. In no event will CST or its partners, employees or agents, be liable to you or anyone else for any decision made or action taken in reliance on the information in this Knowledge Center or for any consequential, special or similar damages, even if advised of the possibility of such damages.