Surviving a 401(k) Audit

April 23, 2014


By: Christopher Conti, Audit Manager

If you are like most people, the mere mention of the word “audit” can evoke thoughts of men in dark suits and sunglasses pulling up to your home or business during the pre-dawn hours and demanding to see all of your bank statements, credit card statements and receipts since the Reagan administration.  To the average person, the thought of undergoing an audit of any kind can seem uncomfortable, overwhelming and downright intimidating.  Many non-public businesses are not required to have their books audited on an annual basis.  However, if your small business is also a plan sponsor of a 401(k) or other retirement plan for your employees, you may have annual audit requirements under the regulations of the Department of Labor (DOL).  Generally speaking, if your plan has more than 100 eligible participants at the beginning of the plan year (regardless of whether or not they contribute to the plan), you are required to attach audited financial statements prepared by an independent Certified Public Accountant to your Form 5500.  Included in the number of eligible participants are the retirees or separated participants and beneficiaries of deceased participants who are receiving benefits or are entitled to receive benefits. If you are unsure as to whether your plan requires an audit, you should contact a qualified audit professional…before the DOL contacts you.

The process of performing a 401(k) audit can be as difficult or as painless as both parties make it.  With the right amount of planning, a competent auditor and a cooperative plan sponsor can get through the audit process quickly and efficiently.  If you have never experienced an audit before, your auditor can and should be a very helpful guide throughout the entire process.    Their goal is not to “catch” the employer doing something wrong or reprimand plan sponsors for improper actions and/or inaccurate recordkeeping.  They are there to work with the plan sponsor and resolve any issues that may arise during the audit.  Al Capone lays claim to the term, “Don’t mistake my kindness for weakness.”  Mr. Capone certainly had his share of run-ins with auditors and I’m sure he found them to be anything but kind.  401(k) auditors do not carry guns like the auditors that eventually put Mr. Capone behind bars, but they do carry heavy ammunition in that they serve as the liaison between plan sponsors and the DOL.  Do not expect an auditor to look the other way or ignore any issues that come up.  Auditors are hired by the plan sponsor, but their ultimate responsibility is to the plan participants.  On top of that, auditors must follow a code of ethics written by the American Institute of Certified Public Accountants.      

Your employees place a great deal of trust in you when they allow you to withhold their hard-earned money from their paycheck.  They trust that you are withholding the correct amount, depositing it into their retirement account on a timely basis and (in some cases) that you are calculating the employer match in accordance with the plan agreement.  While most employers and plan sponsors have all but the best intentions when establishing a retirement plan for their employees, the fact of the matter is that many times the administration and the upkeep of the plan take a backseat to other aspects of the business.  It is important to take the administration of the plan seriously, and the DOL unquestionably would agree with those sentiments.  Ronald Reagan often used the famous Russian proverb, “Trust, but verify.”  With their audit requirements on retirement plans, the DOL is telling employees to do just that, and auditors are there to perform the verification.  According to the DOL, “A well performed audit is a vital protection for your employee benefit plan.  It is in your best interest and that of your plan’s participants to maximize the results of the audit process.”

To ensure a smooth and efficient audit process, it is important to find an auditor that you trust and who can be your ally throughout the process.  This all starts with planning for the audit.  An organized and logical work plan, combined with the strategic use of technology, results in audit efficiency and savings in the form of time and money.  The independent auditor’s report, along with the plan’s financial statements and necessary schedules is attached to Form 5500; which is filed with the DOL. Form 5500 is due by the last day of the 7th calendar month after the end of the plan year. An extension of 2½ months may be requested. For example, if the end of the plan year is December 31st, the original due date of the Form 5500 and auditor’s report would be July 31st and may be extended to October 15th.  

Once you have determined that you are indeed required to have an audit performed, the first step in planning is determining which type of audit is needed.  There are two basic types of 401(k) audits – full scope and limited scope. The type of audit required is based on who holds the investments of the plan.  If the plan’s investments are held by a bank, trust company or insurance company, and that regulated institution certifies to both the accuracy and completeness of the investment information, a limited scope audit may be allowed.  Multiple certifications may be necessary in cases where investments are held by more than one custodian, trustee or insurance company. Limited scope audits may not be performed for plans registered and filing with the Securities and Exchange Commission (SEC), regardless of who holds the investments, as they are not acceptable to the SEC. When a limited scope certification is not obtained or not allowed, a full scope audit is necessary.  The major difference between the two types of audits is that in a full scope audit, audit work is performed on the investments. Audit procedures may include sending confirmations to the custodian, trustee or insurance company to verify the existence and ownership of the investments. Additionally, audit procedures on the valuation of investments, investment transactions and investment income (loss) at the plan level are required.  As you might expect, a full scope audit is typically more time-consuming and more costly than the limited scope version.

For plans with calendar year ends, most 401(k) audits are done during the summer months.  This allows time for the third party administrator of your plan to generate the necessary annual administration reports for your auditor to test.  These reports normally include participant allocation reports, discrimination and coverage tests, Form 5500, etc. Many third party administrators now offer online read-only access to auditors in order to facilitate an easy process for auditors to obtain required documents and even perform some actual audit testing.  If your plan is a 401(k) plan, make sure your third party administrator performs the discrimination tests and returns any excess contributions within 2 ½ months after your plan year end, otherwise a 10% penalty will apply.

The area of most focus in a plan audit should be on participant-related transactions and activity. This includes participant eligibility, payroll information, deferral percentages, demographic information, distribution paperwork, claims paid (for health & welfare plans), and, most importantly, the plan document provisions.  Without the plan document, an audit should not even be started.

As important as participant data is, the plan’s investments are also significant.  As noted above, the level of audit procedures for investments varies in a limited scope versus a full scope audit.  However, no matter what the scope, a plan’s financial statements still must contain all the disclosures required by generally accepted accounting principles.

If your plan holds “non-traditional investments” (investments in real estate, limited partnerships, or other assets not traded openly on a public market), you will need to obtain an independent appraisal of such investments as of the plan’s year end and provide copies to your auditor.  It is important to note that auditors may not provide a valuation for any of the plan’s assets without impairing their independence.  Any valuation work must be performed by a completely different independent source.

One other very important document you will need to provide to your auditor is an annual census of all company employees for the year being audited.  It is recommended that you prepare your census to include ineligible participants as well as eligible.  Most third party administrators and investment providers have systems that will allow you to provide them this data in an electronic format.  Also, make sure that the census data is reconciled with your annual payroll data to avoid any unintentional errors.  This area tends to be the most problematic in terms of errors.

If your plan permits participant loans, all loans should be reconciled at the plan’s year end and a yearend loan summary provided to your auditor.  Your auditor will also require a list of any employer and employee contributions not deposited as of the end of the plan’s year.  Employer contributions are generally required to be deposited by the due date (including extensions) of the plan sponsor’s income tax returns.  Employee contributions (401(k) deferrals) and participant loan payments are required to be deposited on the earliest date on which such contributions can reasonable be segregated from the employer’s general assets.  It is also important to note that all of the employee contributions during the year are required to be remitted to the third party administrator of the plan in that same timely fashion.  If the DOL deems that you are not remitting deferrals timely, they can assess penalties and interest as well as require the plan sponsor to reimburse participants for lost earnings.  Keep in mind that deferrals do not at any point in time belong to the company.  They belong to the participants of the plan and therefore must be handled with prudence.

Once all this information is provided, your auditor will schedule fieldwork with you where he will come out to your location to meet with company personnel who are responsible for the plan.  During fieldwork, which could be anywhere from one day to one week, the auditor will gain a better understanding of how the plan accounting works, the internal controls over the plan, and any risks associated with the plan due to fraud or otherwise.  Once this information is obtained, your auditor will pick a sample of employees, distributions and loans, and request that you provide employee files and supporting documents for the distributions and loans.

With the increased use of technology and the various methods of transmitting secured data electronically, often times it may not even be necessary to perform traditional fieldwork at your location.  The auditor may be able to do the entire audit remotely from their office by utilizing file servers, telephone conferences, and emails.

When the fieldwork is done and the financial statements are completed, you will be provided with a draft of the financial statements and a draft of a report of any internal control deficiencies found during the audit.  You will also receive a management representation letter with a summary of any adjustments the auditor made to the plan’s accounting records.  This letter will need to be signed and returned to the auditor.

Once the management representation letter is returned, and you have approved the financial statement draft, the auditor will provide you with the final audited financial statement which needs to be attached to your Form 5500 and sent to the DOL electronically.

With all that being said, this entire process can be painless with the right auditor.  If you would like more information on any of the topics discussed in this article, or for a no-obligation 401(k) audit quote, please contact us at 1-855-STROEMER.

Client Portal Login

Subscribe to our Newsletter