Businesses with over 100 employees that have account balances at the beginning of the financial year are required to conduct mandatory audits. This includes employees who receive benefits such as retirement funds, health insurance, 401(k) plans, or other employment benefits. Under the Employee Retirement Income Security Act (ERISA), these benefits are subject to audits.
To ensure a smooth audit process, the AICPA has provided the Employee Benefit Plan Audit Guide and how to prepare for it.
This blog breaks down AICPA’s guide for businesses undergoing an EBPA, helping them navigate the process efficiently and avoiding common pitfalls.
What is an Employee Benefit Plan Audit?
EBPAs are independent reviews mandated by the DOL to verify compliance and accurately depict the financial picture of employee benefit plans. The principal purposes of the EBPA are to confirm the financial soundness of an employee benefit plan. To determine if financial statements fairly present the EBPs financial position in accordance with GAAP. And to verify compliance with ERISA and all other applicable laws.
This requirement applies to most private sector plans with 100 or more participants at the start of the planned year. While retirement plans like 401(k) plans or defined pension plans are often associated with audits, health and welfare benefit plans are also audited.
An independent qualified auditor, who is an independent CPA, performs the audit in accordance with GAAS.
Download the EBP Audit Guide
Whether you’re a plan sponsor or fiduciary seeking clarity,
this comprehensive guide walks you through every audit requirement.
Three Stages of an Employee Benefit Plan Audit
Preparing thoroughly is essential to a successful, effective, and efficient audit. The AICPA Employee Benefit Plan Audit Guide emphasizes proper internal controls, keeping records and documentation accurate, and mitigating risk in a proactive manner. A three-phase process is outlined below that describes the way businesses should prepare for an Employee Benefit Plan audit.
Pre-Audit
Preparation and Organization:
An effective audit begins well before the auditor shows up on site (months ahead of time). It is very important to accumulate and gather all the required documentation that will be needed for the audit during this time frame. The auditor will use these documents in order to build a case as to whether or not the benefit plan was administered according to the regulations. Some of the documents to compile during this period are the plan document and all amendments to it, the Summary Plan Description (SPD), Form 5500 from the prior calendar year, and the financial statements that were audited for the prior calendar year.
Additionally, the organization must collect and provide participant census data, participant eligibility and payroll reports that substantiate the organization’s contribution remittances made on behalf of participants.
Moreover, each service provider must easily provide the auditor with investment statements, trust agreements, and service provider contracts showing the organization’s active oversight of the benefit plan. The results of non-discrimination testing and (internal) controls over participant data and forfeitures need to be reviewed. Many organizations complete a thorough, comprehensive pre-audit with an EBP expert in an effort to identify and resolve potential problems before the actual audit begins to streamline the overall audit process.
During the Audit
Fieldwork:
Beginning once the audit has been initiated, the focus will lead to the focus of auditor’s work to provide assistance and provide information that is accurate and clear to them regardless of whether the auditor works on-site or remotely.
Typically, the auditors will require the conduct of “walk-throughs,” either in-person or virtually, of the key business activities, such as how the contributions are made, and how participants enroll in the plan.
The auditors will obtain sample testing of the transaction, including distribution(s), loan(s), and forfeitures, compared to what the terms of the plan say regarding how they should be executed to verify that the plan is operating according to the written terms.
Auditors will conduct interviews only with the third-party service provider and/or with the plan fiduciaries, confirming the investments and bank account balances through custodians and obtaining direct confirmations from each custodian once the assets are under the custodian’s control. In addition, auditors will also interview third-party providers and/or plan fiduciaries to ensure that the internal controls are in place as required by the plan fiduciary’s policies and procedures.
Delay in providing answers to an auditor during any phase of the audit will increase administrative time delays and negatively impact how the auditor views the governance structure of the plan.
Post-Audit
Finalization and Follow-Up:
A thorough review of the final draft of the audit report included the financial statements as well as possible items noted or recommended by the auditor will need to be performed by plan sponsors in a timely fashion. Auditors are required to provide a completed Form 5500 with the final audit report to the Department of Labor (DOL) no later than nine and one-half months after the end of the plan year.
How does the employee benefit plan get audited?
Planning and Risk Assessment
Prior to performing any data testing, The CPA must plan and evaluate the risk. To do this, the CPA reviews the governing documents of the plan, historical filings, and the internal controls of the plan to assess the risk of noncompliance or error in financial statement calculations. From that assessment, the CPA determines which sections of the plan to examine in more detail (e.g., timing of contributions, eligibility of participants, or tax-deferred contributions).
Testing Financial Transactions and Internal Controls
Once the risk areas are identified, the auditor performs transaction testing to verify the accuracy of your plan’s financial statements. Additionally, they assess the effectiveness of your internal controls to ensure contributions are made promptly. This helps ensure participant data is accurately recorded, and all financial transactions are documented correctly. This level of testing will help provide assurance that your plan is operating in accordance with IRS tax rules.
IRS Compliance Verification
When conducting your audit there will be many areas to consider; however one of the main areas is evaluating if your plan adheres to the basic criteria for qualification as outlined by the IRS, such as contribution limits, non-discrimination testing, and eligibility of participants. Your auditor will also confirm that all contributions and deferrals are submitted within the required timelines, and that every transaction (related to your plan) is within compliance of the IRS Code.
Issuing the Audit Report
Once the audit is complete, a CPA will prepare an audit report that summarizes the financial condition of the plan as well as areas of concern about it. The audit report provides assurance to both the employer and the IRS that the plan is being operated properly and that the financial statements are accurate. The audit report will also list all identified errors or noncompliance identified by the auditor along with their remedies.
Correcting and Maintaining Compliance
If any problems are discovered by the audit, the owner of the business ought to remedy those issues as soon as feasible. There is an opportunity to restore certain errors under the IRS Employee Plans Compliance Resolution System (EPCRS) that assists employers in keeping the qualified status of their plan while preventing disqualification or penalties from happening. In addition to showing good faith, resolving any issues quickly allows the employer to show an allegiance to comply with the law.
Conclusion
An Employee Benefit Plan Audit can be overwhelming for most businesses. However, with proper advance preparation, knowledge of the auditor’s methodology, and access to the AICPA Guide’s resources. These shift from merely a regulatory requirement to an opportunity. This opportunity can add significant value to your organization.
A successful audit will not only fulfill all DOL and IRS requirements but also strengthen your plan’s financial integrity. By enhancing your internal control, identifying areas for operational improvement, and helping build trust in the plan among the areas. Staying up to date with changes, such as the SECURE 2.0 legislation, and new risks. This increases focus on audit quality found in recent editions of the guide will ensure your continued compliance.
