THE PROFIT SHARING AND 401K ADVOCATESHARING THE COMMITMENT SINCE 1947
Join PSCA
Members Only Helpline
Find a Service Provider
Conferences
Online Training
Signature Awards
401k.org
401(k) Day
Purchase Products

PSCA 51st Annual Survey of Profit Sharing and 401k plans
 

Defined Contributions Insights Magazine

September/October 2007

Quality Audits Are Your Fiduciary Responsibility
How to avoid common audit deficiencies

By Jan Altman, Joe Musher, Marc Newman, and Ken Perlman, CPAs

For something as complicated as 401(k) administration, many things can go wrong. The plan sponsor, the third-party administrator, or the directed trustee can make mistakes or even commit fraud. One critical tool in uncovering inaccuracies is the annual 401(k) plan audit. The Employee Retirement Income Security Act of 1974 (ERISA) generally requires sponsors to submit audits as part of the annual return/report (Form 5500) if their 401(k) plans have 100 or more participants. However, many audits fall short of generally accepted auditing standards for employee benefit plans. An astonishing one-third of the one million audits filed each year with the Employee Benefit Security Administration (EBSA) of the U.S. Department of Labor are found to be deficient. If your audit is among them, it could be rejected.

It also could cost you a significant amount of money.

The plan sponsor bears fiduciary responsibility and liability for a deficient audit, and the EBSA could level a stiff monetary civil penalty under ERISA (see sidebar, “Paying the Price for Non-compliance”). Individual executives who are responsible for managing the company’s 401(k) plan could be held personally responsible as well. The audit firm itself is not penalized.

The EBSA is determined to improve plan audit quality. It is letting plan sponsors know that one of their most important duties is to hire an independent qualified public accountant with the appropriate knowledge and background. The plan sponsor also is expected to adequately review the audit work and report. The EBSA states that one of the most common reasons for deficient accountants’ reports is the failure of the auditor to perform tests in areas unique to employee benefit plan audits. It strongly advises plan sponsors to use auditors with employee benefit plan experience.

What plan sponsors really need to know is how to choose an auditor, what are the most common audit deficiencies, and — if they face penalties — understand the potential benefits of the Department of Labor’s Voluntary Fiduciary Correction Program.

Paying the Price for Non-compliance

The Employee Retirement Income Security Act of 1974 (ERISA) holds plan administrators responsible for assuring that plan financial statements are audited in accordance with generally accepted auditing standards. Plan administrators could face stiff monetary civil penalties under ERISA if found to file deficient audit reports. Auditors themselves are not held responsible.

Some penalties may be imposed or assessed by one of the governmental agencies delegated to administer the collection of the Form 5500 data, while others require a legal conviction. Some penalties include:

  • The Department of Labor (DOL) charges $1,100 a day for each day a plan administrator fails to complete a return.

  • The IRS assesses $25 a day (up to $15,000) for not filing a return.

  • The DOL assesses penalties of $150 a day (up to $50,000) per annual report filing where the required auditor’s report is missing or deficient.

  • The DOL assesses penalties of $100 a day (up to $36,500) per annual report filing that contains deficient financial information.

  • The DOL stipulates that any individual who willfully violates a provision of Part 1 of Title I of ERISA shall be fined not more than $100,000 or imprisoned not more than 10 years, or both.


Make 401(k) Audits a Priority
At most companies the annual 401(k) audit takes a backseat to the corporate audit, which draws more attention from senior management. Unaware of the special expertise needed to perform a quality 401(k) audit, senior managers commonly assign the task to the firm they already use to perform the corporate audit. If the firm performs only one or two plan audits a year, it could affect the quality of its work. According to the EBSA, the more training and experience that an auditor has with employee benefit plan audits, the more familiar the auditor will be with benefit plan practices and operations, as well as the specific auditing standards and rules that apply to such plans.

The accounting profession itself has recognized the need to improve plan audit quality. As a result, the American Institute of Certified Public Account ants (AICPA) launched the Employee Benefit Plan Audit Quality Center in 2004. Its requirements for membership are stringent and could serve as guidelines for choosing an auditing firm. Some of the requirements are that member firms:

1. Designate an audit partner to have firm-wide responsibility for the quality of the firm’s ERISA employee benefit plan audit practice.

2. Establish a program to ensure that all ERISA employee benefit plan audit engagement personnel possess current knowledge appropriate to their level of involvement in the engagement of applicable professional standards, rules and regulations for ERISA employee benefit plan audits.

3. Establish policies and procedures specific to the firm’s ERISA employee benefit plan audit practice so that the firm complies with the applicable professional standards and center membership requirements.

4. Establish annual internal inspection procedure that include a review of the firm’s ERISA employee benefit plan audit practice, in addition to ongoing monitoring of quality control standards.

5. Include ERISA employee benefit plan audits in the firm’s peer review.

All of these processes play an important role in improving audit quality.

Common Audit Deficiencies
As the plan sponsor, you should be aware of the types of audit deficiencies found by the EBSA so you can to talk to your audit firm about avoiding them. Here are the areas where audits most commonly come up short, according to the EBSA:

Planning the Audit
Before anyone in the audit team picks up a pencil, they have to look at how the plan is structured and determine which audit procedures are necessary. They also should assess the risk of material misstatement due to fraud.

Assessing Internal Controls
The auditor is responsible for ascertaining that contributions are sent to the right party, that contributions are received, and that the right accounts are credited. The auditor is also responsible for documenting the process, and EBSA frequently rejects audit reports for inadequate documentation. If the third-party administrator or recordkeeper provides an independent report on its internal controls, known as a SAS 70 report, your auditor has to use the report properly.

Contributions
Some auditors skip this area, but it’s important to determine if payroll deductions match the participant’s elections. The auditor needs to check if the plan sponsor is not holding onto contributions beyond the time frame set by law. Again, adequate documentation is required.

Investments
The audit engagement should include an examination of investments and year-end values. In the case of a limited scope audit, in which the record keeper certifies that the investment records are accurate and complete, the auditor must see that the certifications are used properly.

Benefit Payments
Auditors must audit and adequately document the audit work, benefit payments, and eligibility. All too often it is discovered that deceased retirees were receiving payments years after their deaths.

Participant Data
There needs to be sufficient testing of payroll data as well as participant eligibility, forfeitures, and allocations. Auditors should test the allocation of earnings and gains/losses to participant accounts, and properly document the work.

This list barely scratches the surface of the complex disclosure and compliance audit requirements under ERISA. You should discuss these areas with your plan auditor to assure yourself that the audit is being properly conducted.

Mistakes in Years Past
With these suggestions, you’ll be better prepared to monitor your audit firm’s work and increase your confidence that you can file a quality audit next time one is due (which is seven months after the end of the plan year). However, you are still liable for deficient audits filed previously. Fortunately, the U.S. Department of Labor has implemented a Voluntary Fiduciary Correction Program (VFC), which is designed to encourage the voluntary and timely correction of possible fiduciary violations of ERISA. It allows certain individuals to avoid potential ERISA civil actions and penalties levied by the Department of Labor. If the conditions of the VFC are satisfied in the correction of a breach, there will be no imposition of civil penalties under ERISA (certain fees apply).

The VFC program can potentially protect plan sponsors that fail to remit participant contributions to the 401(k) plan trust within the permitted time period under Labor Reg. 2510.3-102. Under the terms of the program, the plan sponsor has to correct the error. If the contributions were never remitted, participant accounts are due the outstanding principal amount along with the greater of (a) lost earnings, or (b) restoration of profits stemming from the employer’s use of the principal amount. In the case of late contributions, the plan sponsor is required to remit to participant accounts the greater of (a) lost earnings, or (b) restoration of profits stemming from the employer’s use of the principal amount.

The EBSA also penalizes plan sponsors that fail to file annual reports. The Delinquent Filer Voluntary Compliance Program (DFVC) permits sponsors to pay reduced civil penalties for voluntary complying with their Department of Labor annual reporting obligations. The penalty is $10 per day for each day the Form 5500 was due (without regard to extensions). In the case of “small plan” filers (generally plans with fewer than 100 participants), the maximum penalty is $750 for each annual report, not to exceed $1,500 per plan. For “large plan” filers the maximum penalty is $2,000 for each annual report, not to exceed $4,000 per plan.

Sometimes you can be a delinquent filer without being aware of it. For example, our firm recently was engaged by a client to audit a number of pension and 401(K) plans offered by a newly acquired company. While reviewing the prior year Form 5500 filings, we discovered that the previous company management and prior auditor had neglected to file a Form 5500 for the Master Trust holding the plan investments. Corporate counsel informed our client that the potential penalty to file for all years was approximately $630,000. We advised the client of the DFVC program, for which it qualified. We prepared the prior year Form 5500 filings, which the client submitted and the cost was reduced from $630,000 to $12,000.

Conclusion
As you can see, complying with the disclosure and reporting requirements of ERISA are a significant part of your responsibilities as a plan sponsor, and obligations for which you bear fiduciary responsibility. The complex and detailed reporting requirements of 401(k) plans are best performed by auditors trained in the specifics of employee benefit plans.

 

The authors are partners in the employee benefit plan practice of Buchbinder Tunick & Co., LLP, a member of the Profit Sharing/401k Council of America, with offices in New York City and the Washington, D.C. metro area.

 

 

Return 
  

 

Profit Sharing / 401k Council of America
20 North Wacker Drive, Suite 3700, Chicago, Illinois 60606
Tel: (312) 419-1863 • Fax: (312) 419-1864 • psca@psca.org

© 2008 Profit Sharing / 401k Council of America

Site Map