Everything You Need to Know About Employee Benefit Plan Audits
Retirement plans are an important part of your business, but keeping up with regulatory and compliance standards can be a challenge. We’ve compiled a comprehensive guide to tell you everything you didn’t know you needed to know about employee benefit plan audits.
What is a Qualified Employee Benefit Plan?
A qualified retirement plan is one that meets the requirements of ERISA, the Employee Retirement Income Security Act of 1974. ERISA protects the assets of employees and helps ensure the money they invest in an employee benefit plan will be available to them when they retire. Title 1 of ERISA describes annual reporting requirements for applicable employee benefit plans. Certain plans are exempt from this reporting, including certain 403(b) plans falling under defined safe harbor rules. In general, ERISA applies to the following types of benefit plans:
- Defined benefit (pension) and defined contribution plans (401k retirement plans, 403b retirement plans), ESOP, profit sharing, etc. sponsored by non-governmental, non-church organizations
- Funded health benefit plans and welfare benefit plans (insured or otherwise)
- Flexible Spending Accounts (FSAs)
- Health Reimbursement Accounts (HRAs)
- Please consult an attorney if you are unsure whether or not your plan is subject to Title I of ERISA.
Does Your ERISA Plan Need an Audit?
In general, plans with more than 100 participants as of the beginning of any plan year will require an audit of the plan’s financial statements for that year. However, there is an exception called the “80-120” rule wherein the audit can be indefinitely deferred until it reaches 120 participants. A large plan requires an audit and must file Schedule H Financial Information with its Form 5500 Annual Report. A small plan generally requires filing Form 5500 Schedule I Financial Information, which does not require an audit.
What is an Employee Benefit Plan Audit?
In an employee benefit plan audit, auditors use knowledge gained about the plan’s internal control environment, the nature of the plan and other factors to assess the reasonableness of the following areas:
- Compliance with plan documents
- Participant eligibility and participant data
- Contributions to the plan
- Distributions from the plan
- Participant loans
- Plan investments and related income
- Plan expenses
- Related party and party-in-interest transactions
- Tax compliance
When is the Audit Required to Be Completed?
The Form 5500 (and required audit report, if applicable) is generally due seven months following the last day of the plan year (this would be July 31 for calendar year-end plans). The filing may be extended for an additional 2.5 months.
Who is a Participant?
The term “participant” for this purpose can be confusing. In general, the participant count includes all employees who are eligible to participate in the plan, regardless of participation. The count also includes all participants who have separate employment yet maintain a balance (or a deferred, vested balance) within the plan as well as beneficiaries of deceased participants who are currently receiving benefits or are eligible to receive benefits in the future. Separate count rules are defined for welfare benefit plans.
The Department of Labor has turned its attention to practices and procedures of plan sponsors regarding locating and distributing benefits to missing participants. From some reports, the Department of Labor is claiming breaches of fiduciary duty for plan sponsors who fail to perform regular searches for those missing and unresponsive participants.
Additionally, for missing participants who are required to start receiving required minimum distributions, it is important to know the IRS has a “non-enforcement policy.” The IRS stated that auditors will not challenge a qualified plan for failure to make required minimum distributions to missing participants, but only when certain conditions have been met.
Fiduciaries are required to perform at least three steps to locate missing participants:
- Search plan and related plan, sponsor and publicly-available records or directories for alternative contact information
- Use any of these search methods: a commercial locator service, a credit reporting agency or a proprietary internet search tool for locating individuals
- Attempt contact through U.S. Postal Service certified mail to the last known mailing address and through appropriate means for any address or contact information (including email addresses and telephone numbers)
Do You Need a Retirement Plan Committee?
Establishing and maintaining an effective retirement plan committee devoted to the prudent management of the plan helps plan sponsors ensure their fiduciary obligations are met.
Fiduciary responsibility under ERISA can be boiled down to three key elements:
- Establish a prudent process
- Adhere to the process
- Document the process
The Guiding Principles of Fiduciary Responsibility
- Decisions must be made in the best interest of the plan and its participants.
- Investment options must be appropriately diversified.
- The plan’s assets must be managed in a prudent and responsible manner (includes engaging experts when appropriate).
- The plan’s costs must be reasonable.
- The plan document must be followed and consistently applied.
- Forming a Retirement Plan Committee
- Establish by-laws and a charter so that attendees understand what they are expected to accomplish. Include the purpose of the committee, responsibilities, logistics (how often will the committee meet and where), required and optional attendees, and how actions and discussions will be documented for fiduciary file retention.
- Size is important. Too many people can lead to inefficiency, and too few may not provide enough resources to get tasks accomplished or effectively evaluate decisions. Consider the following parties for meeting attendance: plan fiduciaries, at least one member of senior management, the plan or company’s legal counsel and representatives from external vendors (depending on the topics to be discussed) including the plan’s trustee or custodian, recordkeeper, third-party administrator, investment advisor, etc.
- Consider a consultant to help run the meetings. Consultants (such as an investment advisor or benefit plan specialist) work with plan committees regularly. They can comment on recent regulatory updates or changes and can bring insight obtained from peers when it comes to decision making. They can assist with drafting minutes and an investment policy statement as well.
- Plan to meet at least quarterly and more frequently during times of plan changes and updates.
- Designate a person to take detailed minutes for fiduciary file retention.
- Minutes of meetings should include an overview of discussions held, results of plan decisions, evidence of the review of investment fund performance and fee benchmarking, current plan trends (such as enrollment and participation status), regulatory updates and their impact on the plan, consideration of vendor selection and evaluation, etc.
Check out our recent webinar discussing how to prepare, what you should expect and common findings to help create a smooth process for your next benefit plan audit.
Helpful Tips to Make Your Benefit Plan Audit Run Smoothly
- Request the “auditor’s package” from your service provider as early in the year as possible
- Put the audit package in the hands of your audit team as soon as it comes
- Request what is called a “PBC” (Prepared by Client) list from your audit team
- Alert your auditor to any change in service providers as they happen during the year
- Send your auditor plan amendments as they are issued
- Send your census data for any non-discrimination testing to your record keeper as soon as available (helpful hint: send a copy to the audit team at the same time)
- Coach your HR or “audit response team” about the importance of the ABCs of an efficient, effective audit:
- Anticipate needs
- Be “ready”
- Confirm the dates of fieldwork with your audit team
- Introduce the service provider relationships (TPA, custodian, trustee, etc.) to your audit team
- Allow audit team read-only access to your online records if allowed
- Make a point to coordinate requests from other departments, such as accounting, payroll, etc.
- Establish one key point of contact for your audit team through the entire process
- PHASE III: AUDIT FIELDWORK
- Have the data from the PBC list ready when the audit team arrives
- Communicate your expectations with the audit team regarding requests that are sensitive in nature, such as payroll and HR records
- Accommodate the audit team with internet access so they can access the website of your custodian/record keeper or their network
- Make yourself available at pre-arranged times with the audit team to answer questions and save time on both ends
- At the end of the week, ask about findings or concerns to prevent surprises
- PHASE IV: WRAP-UP and OTHER
- Recognize the possible “chicken and the egg” battle regarding 5500 drafts (and work with the service provider to obtain a draft of the Form 5500 prior to fieldwork).
- Be flexible as to when the 5500 is filed (pre-July 31 or pre-Oct. 15). There is no penalty for an extended filing, and sometimes the field work can be completed, but an open item or two can push you past July 31.
- Understand that management letter comments are there to help management identify where stronger controls may be needed. The IRS and DOL are looking specifically at the control environment around the plans they audit. Work with your plan auditors to develop sound control processes to help mitigate future regulatory audit findings.
The world of employee benefit plan audits is complex and multi-faceted. The compliance criteria and regulatory issues can lead to big headaches if not carefully considered.
Questions on your employee benefit plan audit?