Many companies offer an employee benefit plan (EBP) to hires that are subject to the Employee Retirement Income Security Act of 1974 (ERISA). These plans typically include defined contribution plans (401(k), 403(b) and employee stock ownership plans), as well as defined benefit pension plans and health plans.

What is an employee benefit plan audit?

An EBP audit is a periodic and independent examination of a company’s benefit plan financial statements and supporting documentation by an independent accounting firm.  The purpose of the audit is to express an opinion on whether the financial statements accurately present the plan’s financial position, results of operations, and cash flows in conformity with generally accepted accounting principles.  The auditor will test compliance with certain provisions of ERISA that are applicable to the plan.  Results of the audit will be reported to the plan sponsors, and they will be required to take corrective action if any deficiencies are found.

Performing an EBP audit ensures financial integrity, assesses complicity with applicable laws, and improves efficiency by identifying strengths and weaknesses of internal controls involved in financial reporting.  It protects the interests of employees by ensuring that their benefits are being used appropriately and their rights safeguarded.  It’s also an integral component of your company’s responsibility to file an accurate Form 5500.

Who needs an employee benefit plan audit?

Generally speaking, a company’s 401(k) plan must be audited every year if it has 120 eligible participants on the first day of the plan year. If the number of eligible participants drops below 100, the plan does not require an annual audit- but a company may continue with the process if the reduction is deemed temporary.

Eligible participants include:

1. Active employees eligible for the plan (even if they don’t participate),
2. Separated or retired employees (including those who have not yet transferred or rolled over their money)
3. Deceased employees with beneficiaries who are entitled to receive plan benefits.

Audit deadline and Form 5500

Any employer maintaining a plan covered by ERISA must file a Form 5500 with the Department of Labor (DOL) annually.  Form 5500 is due the last day of the seventh month after the plan year ends (or on July 31 for calendar year plans). A two-and-a-half-month extension may be filed if necessary.

As part of the process, plan sponsors must have their employee benefit plan audited by an independent CPA. The audit helps to ensure that the Form 5500 is complete and accurate, and that the employee benefit plan is being managed in compliance with ERISA.  Audited financial statements must be included with the plan sponsor’s Form 5500 filing, or it may not be considered complete and accurate. If the filing is rejected for being incomplete or inaccurate, the plan sponsor may be subject to fines until it is corrected.

What must ERISA audits include?

The audit report must include, at a minimum, sections detailing the following:

• The nature and scope of the audit,
• The auditor’s opinion on the financial statements and their basis for said opinion,
• Responsibilities of plan management, including a going concern evaluation,
• Auditor responsibilities, and
• Any supplemental schedules required by ERISA.

Employee Benefit Plan Manager Responsibilities

Multiple parties have varying responsibilities during an EBP audit.  Plan managers are also responsible for determining if an ERISA audit is required.

Plan managers must acknowledge responsibility for:

• Maintaining a current plan instrument, including amendments,
• Administering the plan and determining the plan’s transactions conform with plan provisions,
• Maintaining participant records to determine benefits due, and
• Providing the auditor with a substantially complete Form 5500 prior to the auditor’s report.

Auditor Responsibilities

The auditor must communicate, in writing, any reportable findings with respect to the benefit plan’s provisions. Reportable findings include:

• Noncompliance or suspected noncompliance with laws under AU-C Section 250, Consideration of Laws and Regulations in an Audit of Financial Statements;
• Any finding that, in the auditor’s judgment, is significant to those charged with governance of the benefit plan regarding their responsibility to oversee the financial reporting process; and
• Any deficiencies in internal controls that are sufficient to merit management’s attention according to AU-C Section 265, Communicating Internal Control Related Matters Identified in an Audit.

For example, auditors should report any findings that indicate misapplication of the benefit plan’s provisions (e.g., covered compensation, vesting, eligibility, or non-timely contributions). They should also report a failure to perform applicable IRC compliance tests or misstatements in financial reports or disclosures.  It is relatively common for an auditor to discover reportable findings.  Fortunately, the IRS and DOL have voluntary corrections programs in place that will allow plan administrators time to correct the issue.

WebsterRogers Can Assist

Managing employee benefit plans and complying with auditing standards can be complicated and time-consuming.  By working with an WebsterRogers, you can ensure you’re meeting all requirements.  This article is intended to provide a brief overview of employee benefit plan audits under ERISA and is not a substitute for speaking with a WebsterRogers expert.  If you’d like to learn more, please contact our Assurance Services Group.