{"id":6050,"date":"2026-03-02T09:06:37","date_gmt":"2026-03-02T09:06:37","guid":{"rendered":"https:\/\/www.acobloom.com\/us\/?p=6050"},"modified":"2026-03-10T04:58:26","modified_gmt":"2026-03-10T04:58:26","slug":"secure-2-0-act","status":"publish","type":"post","link":"https:\/\/www.acobloom.com\/us\/blog\/secure-2-0-act\/","title":{"rendered":"Understanding SECURE 2.0 and How It Impacts Employer Audits in 2026"},"content":{"rendered":"\n<p>The Setting Every Community Up for Retirement Enhancement (SECURE)&nbsp;was&nbsp;first&nbsp;introduced in 2019&nbsp;as a law that made it easier for Americans&nbsp;to&nbsp;save for retirement.&nbsp;Phase 2&nbsp;of SECURE, while adding&nbsp;90&nbsp;new provisions to the&nbsp;original,&nbsp;introduces&nbsp;significant operational and compliance changes&nbsp;in&nbsp;retirement plans.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The&nbsp;new&nbsp;rules,&nbsp;effective&nbsp;under&nbsp;<strong>SECURE 2.0<\/strong>&nbsp;<strong>2026&nbsp;changes,<\/strong>&nbsp;has led to&nbsp;increased pressure&nbsp;on&nbsp;auditors. This&nbsp;includes&nbsp;materially affecting audit scope, risk assessment, and documentation standards.&nbsp;All this in a bid to&nbsp;minimize&nbsp;enforcement risk related to operational compliance under existing DOL and IRS oversight frameworks.&nbsp;<\/p>\n\n\n\n<p>This blog provides an overview of key SECURE 2.0 provisions effective through 2026&nbsp;and how&nbsp;auditors can&nbsp;move&nbsp;from routine compliance reviews to high-judgment, control-intensive engagements&nbsp;<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_50 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-69f407a4ce959\" aria-hidden=\"true\"><span style=\"display: flex;align-items: center;width: 35px;height: 30px;justify-content: center;direction:ltr;\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/label><input  type=\"checkbox\" id=\"item-69f407a4ce959\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.acobloom.com\/us\/blog\/secure-2-0-act\/#Key_Changes_to_SECURE_20\" title=\"Key&nbsp;Changes&nbsp;to&nbsp;SECURE 2.0&nbsp;&nbsp;\">Key&nbsp;Changes&nbsp;to&nbsp;SECURE 2.0&nbsp;&nbsp;<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.acobloom.com\/us\/blog\/secure-2-0-act\/#Roth_mandatory_catch-up_Contributions\" title=\"Roth mandatory catch-up Contributions&nbsp;\">Roth mandatory catch-up Contributions&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.acobloom.com\/us\/blog\/secure-2-0-act\/#Enhanced_%E2%80%9CSuper%E2%80%9D_Catch-Up_Contributions\" title=\"Enhanced (\u201cSuper\u201d) Catch-Up Contributions&nbsp;&nbsp;\">Enhanced (\u201cSuper\u201d) Catch-Up Contributions&nbsp;&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.acobloom.com\/us\/blog\/secure-2-0-act\/#Plan_Amendment_Deadlines\" title=\"Plan Amendment Deadlines&nbsp;\">Plan Amendment Deadlines&nbsp;<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.acobloom.com\/us\/blog\/secure-2-0-act\/#How_Should_Auditors_Prepare_for_SECURE_20\" title=\"How Should Auditors Prepare for&nbsp;SECURE 2.0&nbsp;&nbsp;\">How Should Auditors Prepare for&nbsp;SECURE 2.0&nbsp;&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.acobloom.com\/us\/blog\/secure-2-0-act\/#Conclusion\" title=\"Conclusion&nbsp;\">Conclusion&nbsp;<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Changes_to_SECURE_20\"><\/span>Key&nbsp;Changes&nbsp;to&nbsp;SECURE 2.0&nbsp;&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Audit Considerations for SECURE 2.0 Provisions Effective&nbsp;requires&nbsp;auditors to make sure Employee Benefit Programs&nbsp;comply with&nbsp;significant requirements. These are&nbsp;related to the treatment of employee contributions for payroll as well as for the documentation of retirement plans. The&nbsp;following&nbsp;changes increase the amount of oversight each&nbsp;audit will receive from regulatory authorities:&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Roth_mandatory_catch-up_Contributions\"><\/span><strong>Roth mandatory catch-up Contributions&nbsp;<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Under SECURE 2.0, individuals at 50 or above will be&nbsp;permitted&nbsp;to treat&nbsp;all of&nbsp;their catch-up contributions as Roth (after-tax) if their FICA Wages for the year preceding the year they become 50 exceed $150,000 for inflation. Effective January 1, 2026, qualifying employees under SECURE 2.0 will no longer be able to contribute to their 401ks pre-tax via catch-up contributions.&nbsp;<\/p>\n\n\n\n<p>From an auditing perspective, this new rule creates&nbsp;additional&nbsp;risk for not meeting operational compliance related to how payroll systems are set up, how participant compensation is tested, and how contributions are classified. Auditors should ensure that payroll systems and record-keeping systems properly&nbsp;identify&nbsp;affected participants (by using&nbsp;prior-year wages), consistently apply the Roth designation, and&nbsp;eliminate&nbsp;pre-tax catch-up contributions from being made by high-income employees.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Enhanced_%E2%80%9CSuper%E2%80%9D_Catch-Up_Contributions\"><\/span><strong>Enhanced (\u201cSuper\u201d) Catch-Up Contributions&nbsp;&nbsp;<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>With regard to&nbsp;applicable defined contribution plans, the limits on catch-up contributions for participants who will turn 60, 61, 62, or 63 by the end of the plan year will be increased from their current maximum limit to a maximum amount of $10,000, or up to 150 percent of the standard maximum limit (indexed). These increases may occur&nbsp;at a later date&nbsp;than what was originally proposed.&nbsp;&nbsp;<\/p>\n\n\n\n<p>For&nbsp;<strong>SECURE 2.0&nbsp;2026&nbsp;changes<\/strong>, the possible increase may be greater than $10,000 depending upon the inflation adjustment made to the standard maximum contribution limit of $8,000 for that year. The IRS has provided transition relief that will allow&nbsp;additional&nbsp;time to make changes to payroll systems and recordkeeping. (SECURE 2.0)&nbsp;<\/p>\n\n\n\n<p>Auditors should&nbsp;determine&nbsp;if the plan administrator accurately applies these higher limits, which became effective in 2025, and restricts eligibility for enhanced contributions to those who qualify within the specific plan year. Audit procedures should test participant age information; contributions that exceed the allowable enhanced limit of each plan year; as well as control processes to verify that enhanced catch-up contributions will not exceed allowable enhanced limits.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Plan_Amendment_Deadlines\"><\/span><strong>Plan Amendment Deadlines&nbsp;<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>As with the majority of SECURE 2.0 provisions, many take effect now and permit reasonable, good-faith compliance during interim periods until 31 December 2026. All qualified plans, except for certain Government and collectively bargained plans which may have later deadlines, must also have tax-qualified amendments&nbsp;in order to&nbsp;remain tax-qualified. Noncompliance with the&nbsp;timely&nbsp;adoption of plan amendments can result in plan qualification issues, as well as increase the risk of the plans being&nbsp;deemed&nbsp;non-compliant by the DOL or the IRS.&nbsp;<\/p>\n\n\n\n<p>Auditors should evaluate whether management has set forth an amendment timeline along with&nbsp;determining&nbsp;whether there is a draft or signed version of the provided plan amendments. Finally, auditors must&nbsp;determine&nbsp;if the plan operations for the interim periods&nbsp;comply with&nbsp;the &#8220;reasonable, good-faith&#8221; compliance requirement during that&nbsp;time period.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.acobloom.com\/us\/contact-us\/?utm_medium=orgnc&amp;utm_source=blog&amp;utm_campaign=us&amp;utm_content=consulting&amp;utm_term=in-content-cta-blog-banner\" target=\"_blank\" rel=\" noreferrer noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"367\" src=\"https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1024x367.jpg\" alt=\"Outsourcing Revenue Cycle Management\" class=\"wp-image-2783\" srcset=\"https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1024x367.jpg 1024w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-300x108.jpg 300w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-768x276.jpg 768w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1536x551.jpg 1536w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA.jpg 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Should_Auditors_Prepare_for_SECURE_20\"><\/span>How Should Auditors Prepare for&nbsp;SECURE 2.0&nbsp;&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>SECURE 2.0&nbsp;brings&nbsp;real operational&nbsp;changes to retirement plans. Auditors who wait until year-end to address them will find themselves behind. Provisions phase in over multiple years and do not apply uniformly across plan types, so preparation&nbsp;has to&nbsp;start well before fieldwork.&nbsp;<\/p>\n\n\n\n<p><strong>1. Know What&nbsp;Provision&nbsp;Applies to Each Client&nbsp;<\/strong><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>The first step is understanding which provisions affect which plans. Teams should sit down with management early, review any plan amendments, and confirm whether payroll systems and third-party administrators have&nbsp;actually made&nbsp;the required updates,&nbsp;not just whether they intend to. The&nbsp;areas&nbsp;most likely to require attention are automatic enrollment requirements, Roth catch-up rules for higher earners, the expanded catch-up limits for participants between ages 60 and 63, student loan matching contributions, updated RMD age thresholds, and hardship withdrawal self-certification procedures.&nbsp;<\/p>\n\n\n\n<p><strong>2. Revisit Risk Assessments&nbsp;<\/strong><\/p>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Most of the risk introduced by SECURE 2.0 is operational, not presentational. The concern is whether systems are correctly&nbsp;identifying&nbsp;eligible participants, applying the right contribution limits, and classifying deferrals properly. Where processes run through automation, IT general controls and interface controls deserve a closer look than they may have received in prior years.&nbsp;<\/p>\n\n\n\n<p><strong>3. Go Deeper on Internal Controls&nbsp;<\/strong><\/p>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Control evaluation needs more substance this cycle. That means asking how management tracks payroll system changes, how income thresholds are verified for Roth catch-up purposes, what oversight exists for student loan matching certifications, and whether hardship withdrawals go through any post-approval review. For plans that rely on third-party administrators, auditors need to carefully work through SOC 1 reports and confirm that plan sponsors are&nbsp;actually carrying&nbsp;out their complementary responsibilities,&nbsp;not just that those responsibilities are described on paper.&nbsp;<\/p>\n\n\n\n<p><strong>4. Update Audit Programs and Get in Front of Clients&nbsp;<\/strong><\/p>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Standard workpapers will&nbsp;likely need&nbsp;new steps to cover age-based eligibility testing, escalation percentage verification, and payroll-to-plan reconciliation. More importantly, client conversations should happen early. Many plan sponsors are still working through what SECURE 2.0&nbsp;requires of&nbsp;them operationally, and some have not fully connected the regulatory changes to their internal processes.&nbsp;Identifying&nbsp;gaps before year-end is far less disruptive than finding them during fieldwork.&nbsp;<\/p>\n\n\n\n<p><strong>5. Keep Documentation Tight&nbsp;<\/strong><\/p>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Regulatory scrutiny around benefit plan audits is not going away. Risk assessments, control testing conclusions, and management representations should all be documented in a way that clearly supports the conclusions reached,&nbsp;not just checks a box.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>As the regulatory and professional&nbsp;environment&nbsp;continually evolves, auditors must remain flexible in their approach to&nbsp;<strong>employee benefit plan audit<\/strong>&nbsp;and should always be informed about new standards, how to interpret any new requirements that are being issued, and how to incorporate any new developments into the plan for conducting an audit and the actual audit itself.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Auditors need to use their professional judgment to exercise flexibility with regards to any evolving regulatory and professional risks, the increasing complexity of business operations.&nbsp;The potential need to&nbsp;modify&nbsp;the methodologies used to perform audits on employee benefit plans and to deliver reliable assurance to&nbsp;the&nbsp;participants.&nbsp;&nbsp;<\/p>\n\n\n\n<p>By thinking ahead and proactively&nbsp;modifying&nbsp;the way that they perform audits on employee benefit plans, auditors will continue to provide an effective audit that meets the requirements&nbsp;identified&nbsp;by various sources of external review and oversight.&nbsp;<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Setting Every Community Up for Retirement Enhancement (SECURE)&nbsp;was&nbsp;first&nbsp;introduced in 2019&nbsp;as a law that made it easier for Americans&nbsp;to&nbsp;save for retirement.&nbsp;Phase 2&nbsp;of SECURE, while adding&nbsp;90&nbsp;new provisions to the&nbsp;original,&nbsp;introduces&nbsp;significant operational and compliance changes&nbsp;in&nbsp;retirement plans.&nbsp;&nbsp; The&nbsp;new&nbsp;rules,&nbsp;effective&nbsp;under&nbsp;SECURE 2.0&nbsp;2026&nbsp;changes,&nbsp;has led to&nbsp;increased pressure&nbsp;on&nbsp;auditors. This&nbsp;includes&nbsp;materially affecting audit scope, risk assessment, and documentation standards.&nbsp;All this in a bid to&nbsp;minimize&nbsp;enforcement risk related to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6051,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[128,127,129,125,126],"class_list":["post-6050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-audit","tag-401k-plan-compliance","tag-employee-benefit-plan-audit","tag-retirement-plan-audit-2026","tag-secure-2-0-act","tag-secure-2-0-employer-audits"],"_links":{"self":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/6050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/comments?post=6050"}],"version-history":[{"count":2,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/6050\/revisions"}],"predecessor-version":[{"id":6053,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/6050\/revisions\/6053"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/media\/6051"}],"wp:attachment":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/media?parent=6050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/categories?post=6050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/tags?post=6050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}