The Employee Retirement Security Act of 1974 (ERISA) generally requires employee benefit plans with 100 or more participants to have an independent financial statement audit as part of the plan sponsor’s obligation to file a Form 5500.

Financial statement audits provide an independent, third-party opinion to participants, plan management, the Department of Labor (DOL), and other interested parties that the plan’s financial statements provide reliable information to assess the plan’s present and future ability to pay benefits.

The overall objectives of the plan auditor under professional standards are to obtain reasonable assurance about whether the financial statements are free from material misstatement, whether due to fraud or error and to report on the financial statements in accordance with his or her findings. In addition, the DOL requires the independent auditor to offer an opinion on whether the DOL-required supplemental schedules attached to the Form 5500 are presented fairly in all material respects, in relation to the financial statements.

To accomplish these objectives, the auditor plans and performs the audit to obtain reasonable assurance that material misstatements, whether caused by error or fraud, are detected.

The auditor assesses the reliability, fairness and appropriateness of the plan’s financial information as reported by plan management, by:

• Testing evidence supporting the amounts and disclosures in the plan’s financial statements and Department of Labor (DOL)-required supplemental schedules

• Assessing the accounting principles used and significant accounting estimates made by management

• Evaluating the overall financial statement presentation to form an opinion on whether the financial statements are free of material misstatement

In conducting a plan audit, the auditor has a responsibility to perform procedures with respect to the provisions of ERISA and DOL and IRS regulations that have a direct effect on the determination of material amounts and disclosures in the financial statements.  

As part the auditor’s consideration of the plan’s compliance with laws and regulations, the auditor is required to make certain inquiries and review correspondence with the DOL and IRS. The auditor also considers the effect of the transaction on the financial statements.

While an independent auditor is a valuable resource, it is important that you understand that the responsibility for investment valuation and disclosure remains with you. Hiring an auditor to perform an audit — whether full scope or limited scope — does not relieve you of your responsibility for the completeness and accuracy of the plan’s investment information reported in the Form 5500 and the financial statements.

An independent auditor may be a good resource to consult about the adequacy of valuation techniques and the related financial statement disclosures, but they cannot make the determination regarding the valuation inputs (Level I, II, or III).

Department of Labor (DOL) and AICPA auditor independence rules restrict what non-audit services auditors can perform for a plan for which they perform the annual financial statement audit.

Your plan auditor may provide advice, research materials, and recommendations to assist you in making decisions about the adequacy of your investment valuations and of the related disclosures. They may also assist you in establishing internal controls surrounding your investment valuations. Your auditor may be able to provide some assistance with the financial statement preparation, unless they are prevented from doing so under SEC independence rules for Form 11-K filers.

There are six key steps that auditors must follow. FMD has laid out the basics that we follow below.

Step 1--Planning and Supervision

Professional standards require that the auditor adequately plan the work and supervise any assistants.

Audit planning includes developing an overall audit strategy for the expected conduct, including:

• Organization and staffing of the audit

• Establishing a written understanding with the client regarding the services to be performed

• Obtaining an understanding of the plan’s internal controls

The nature, timing, and extent of planning will vary according to the type of employee benefit plan, the size and complexity of the plan’s operations, the auditor’s experience with the plan, and his or her understanding of the plan and its environment, including its internal control.

Step 2--Risk Assessment

Audit risk is the risk that the auditor expresses an unmodified opinion when the plan’s financial statements are materially misstated. The auditor considers audit risk in relation to the overall financial statement level and the assertion level for classes of transactions, account balances, and disclosures, and performs procedures to assess the risks of material misstatement at both levels.

Step 3--Internal Control

The auditor must obtain an understanding of the plan and its environment, including its internal control relevant to the audit, which will provide a basis for designing and implementing the audit plan.

An important part of the auditor’s planning is to look at the internal control over the financial reporting that are in place and then evaluate their effectiveness to assess the risks of material misstatement.

Step 4--Audit Testing

In developing an audit strategy, the auditor considers whether to rely on the relevant controls at the plan and the plan’s service organizations for various areas of the audit based on an assessment of factors such as:

• Cost/benefit considerations

• The size of the plan and prior year results of control testing

If test results indicate the plan’s controls are effective, the auditor may reduce the level of “substantive tests” he or she performs as a basis for the audit opinion.

Step 5--Evaluation

The auditor evaluates the audit evidence obtained and considers what type of audit opinion to issue. Professional standards define certain requirements and provide broad guidelines about the evaluation of audit evidence. However, the auditor also is required to exercise professional judgment to determine the nature and amount of evidence required to support the audit opinion.

Depending on the test results, the engagement team may need to adjust its audit plan, modify its tests, or perform additional procedures in response to this updated information as warranted.

Step 6--Reporting

To conclude the audit, the auditor issues the written audit report, which contains their findings.

Auditor communications can provide valuable information to help you improve plan operations – and they can also help you meet your fiduciary responsibilities to plan participants.

As a value-added service, your auditor may make other communications not required by professional standards. Your auditor may wish to communicate deficiencies in internal control or other issues or recommendations for improvement noted during the audit. Such comments generally are included in a “management letter.” Management letters generally would document the deficiency in internal control or other issue and include a recommendation for remedying the situation. Some auditors may prefer to communicate such matters verbally in a face-to-face meeting.

As a plan sponsor, administrator, or trustee, your fiduciary responsibilities include planning administration functions such as maintaining the financial books and records of the plan and filing a complete and accurate annual return/report for your plan on a timely basis.

The communications discussed above will help keep you apprised of issues that may need to be addressed for you to fulfill these responsibilities. In addition, because errors and fraud can and do occur, it is important that your plan management establish safeguards to prevent or detect such errors and fraud. This can be accomplished by implementing effective internal control over financial reporting.

Communications about internal control matters identified in the audit will help improve your awareness of the importance of internal control over financial reporting, and will enable you to assess the costs and benefits of implementing adequate controls that minimize risk for misstatements in your financial reporting process, weigh the risks of each significant deficiency or material weakness, and determine whether and how to address them.

When the plan administrator instructs the auditor to perform a limited scope audit, the auditor has no responsibility to test the accuracy or completeness of the investment information certified by the plan’s trustee or custodian, obtain an understanding of internal control maintained by the certifying institution over investments held and investment transactions executed for the plan, or assess control risk associated with assets held and transactions executed by the institution. 

The limited scope exemption applies only to the investment information certified to by the qualified certifying institution and does not extend to:

• Participant data

• Contributions

• Benefit payments

• Required financial statement disclosures

• Other information, regardless of whether it is included in the certified information

• Plan investments held by the certifying institution or investment income information that are not specifically included in the certification

• Plan investments not held by a qualified institution, such as real estate, leases, and mortgages

• Self-directed brokerage accounts or participant loans that are not held by the qualified institution

When ERISA established the limited scope audit exemption in 1974, most plan investments were held in common stocks, mutual funds, bonds, and other instruments that were either directly held by the plan, or held in trust or custodial accounts at banks, insurance companies, or similar institutions regulated by a Federal or state agency. Since ERISA was enacted, many plans have shifted their investments into more complex, hard-to-value Investments. In today’s environment, such investments are not necessarily held directly, but rather may be held in a multi-layered investment, thus making them more difficult to identify and value.

If the plan is invested solely in assets with readily determinable fair values the trustee or custodian typically obtains fair values from nationally recognized pricing services. However, in cases where the plan invests in other types of assets, and where the trustee or custodian may have been engaged only to provide custodial services, the values in the trust statement may be a pass-through of the values provided by the fund issuer or general partner, or by a boutique vendor or broker for non-marketable securities.

In those cases, the reported values are based on the best information available to the trustee and custodian at the time the trustee or custodial report is prepared, which may or may not be the appropriate values for financial statement and Form 5500 reporting purposes as of the plan’s year end. As such, it is important that plan administrators evaluate whether these limited scope audit exemptions continue to make sense for their plan audits.

Not only are 401k audits required in certain situations, but independent audits of employee benefit plan financial statements are an important accountability mechanism.

A financial statement audit can:

• provide an independent, third-party report to participants and plan management

• indicate whether the plan’s financial statements provide reliable information

• assess the plan’s present and future ability to pay benefits

• help protect the financial integrity of the employee benefit plan

• help users determine whether the necessary funds will be available to pay retirement, health, and other promised benefits to participants

The audit also may help plan management improve and streamline plan operations by evaluating the strength of the plan’s internal control over financial reporting, and identify control weaknesses or plan operational errors. The audit also helps the plan administrator carry out its legal responsibility to file a complete and accurate Form 5500 for the plan with the Department of Labor (DOL).

IRS examiners use Audit Techniques Guides (ATGs) to prepare for audits — and so can small business owners. Many ATGs target specific industries, such as construction. Others address issues that frequently arise in audits, such as executive compensation and fringe benefits. These publications can provide valuable insights into issues that might surface if your business is audited.

What do ATGs cover?

The IRS compiles information obtained from past examinations of taxpayers and publishes its findings in ATGs. Typically, these publications explain:

• The nature of the industry or issue,

• Accounting methods commonly used in an industry,

• Relevant audit examination techniques,

• Common and industry-specific compliance issues,

• Business practices,

• Industry terminology, and

• Sample interview questions.

By using a specific ATG, an examiner may, for example, be able to reconcile discrepancies when reported income or expenses aren’t consistent with what’s normal for the industry or to identify anomalies within the geographic area in which the taxpayer resides.

What do ATGs advise?

ATGs cover the types of documentation IRS examiners should request from taxpayers and what relevant information might be uncovered during a tour of the business premises. These guides are intended in part to help examiners identify potential sources of income that could otherwise slip through the cracks.

Other issues that ATGs might instruct examiners to inquire about include:

• Internal controls (or lack of controls),

• The sources of funds used to start the business,

• A list of suppliers and vendors,

• The availability of business records,

• Names of individual(s) responsible for maintaining business records,

• Nature of business operations (for example, hours and days open),

• Names and responsibilities of employees,

• Names of individual(s) with control over inventory, and

• Personal expenses paid with business funds.

For example, one ATG focuses specifically on cash-intensive businesses, such as auto repair shops, check-cashing operations, gas stations, liquor stores, restaurants and bars, and salons. It highlights the importance of reviewing cash receipts and cash register tapes for these types of businesses.

Cash-intensive businesses may be tempted to underreport their cash receipts, but franchised operations may have internal controls in place to deter such “skimming.” For instance, a franchisee may be required to purchase products or goods from the franchisor, which provides a paper trail that can be used to verify sales records.

Likewise, for gas stations, examiners must check the methods of determining income, rebates and other incentives. Restaurants and bars should be asked about net profits compared to the industry average, spillage, pouring averages and tipping.

Avoiding red flags

Although ATGs were created to enhance IRS examiner proficiency, they also can help small businesses ensure they aren’t engaging in practices that could raise red flags with the IRS. To access the complete list of ATGs, visit the IRS website. And for more information on the IRS red flags that may be relevant to your business, contact us.

© 2018

Federal law requires employee benefit plans with 100 or more participants to have an audit as part of their obligation to file an annual return/report (Form 5500 Series).

A quality audit will help protect the assets and the financial integrity of your employee benefit plan and help you determine whether the necessary funds will be available to pay retirement, health, and other promised benefits to your employees. The higher the quality of a plan’s financial statement audit, the more reliable the information used to manage and administer the plan.

A quality audit also will help you carry out your legal responsibility to file a complete and accurate annual return/report for your plan each year. As such, selection of an experienced and reliable auditor is very important.

Recent Department of Labor (DOL) studies of audit quality have identified significant deficiencies in plan audits. Accordingly, the DOL has implemented various enforcement strategies with respect to audit deficiencies. The penalties for such audit failures can be substantial. The DOL can assess penalties on plan sponsors of up to $1,100 a day capped at $50,000 per annual report filing where the required auditor’s report is missing or deficient.

Independent audits of employee benefit plan financial statements are an important accountability mechanism. If your employee benefit plan is required to have an audit, it is the plan administrator’s duty to hire an independent qualified public accountant, and to ensure that the plan has obtained a quality audit in accordance with Employee Retirement Income Security Act of 1974 (ERISA) and U.S. Department of Labor (DOL) requirements. The sponsor of the plan is the plan administrator under the law unless another individual or entity is specifically designated to assume this responsibility.

Plan administrators should use the same care and prudence in hiring a plan auditor that they use when hiring any individual or entity that provides services to the plan. Plan sponsors should make the selection of the plan auditor a high priority and exercise due care during every phase of the auditor selection process.

FMD can help with your Employee Benefit Plan Audit. 

When a plan sponsor hires one or more service organizations to handle plan administration functions, the agreement typically establishes that the service organization(s) assumes liability for its performance of those functions. The employer is required to periodically monitor the service organization to ensure it is handling the plan’s investments prudently. Prudence focuses on the process for making fiduciary decisions; therefore, it is wise to document decisions and the basis for those decisions, including an employer’s selection and monitoring processes.

The Department of Labor (DOL) provides the following tips as a starting point for plan sponsors hiring service organizations:

• Information about the firm itself (e.g., financial condition and experience with retirement plans of similar size and complexity)

• The quality of the firm’s services (e.g., the identity, experience and qualifications of professionals who will be handling the plan’s account; any recent litigation or enforcement action taken against the firm; and the firm’s experience or performance record)

• A description of business practices (e.g., how plan assets will be invested if the firm will manage plan investments or how participant investment directions will be handled; the proposed fee structure; and whether the firm has fiduciary liability insurance)

• Document the hiring process

• Ensure the service organization is clear about the extent of its fiduciary responsibilities

• Obtain a fidelity bond for individuals handling plan funds or other plan property

• Monitor the plan’s service organizations

Other important points to consider when hiring a service organization are the ability to access data maintained by the service organization on both a daily and annual basis, and whether the service organization agrees to obtain a Service Organization Controls (SOC 1) report. And finally, you should ensure that a service organization hired to prepare the plan’s financial statements will provide you with the support you need to understand those financial statements.

FMD can help with your Employee Benefit Plan Audit. 

Employee benefit plans are a complex area that require intimate knowledge of plan design as well as performance.

When considering an auditor for your plan, be sure to ask the following questions:

• Is your auditor looking at your plan’s operations, documents, and amendments?

• Does your auditor understand the difference between the requirements for the financial statements and your Form 5500?

• Does your auditor invest in training to keep up-to-date on the latest issues?

• Is your auditor a member of the AICPA Employee Benefit Plan Audit Quality Center?

• Does your auditor assign an experienced benefit plan auditor to service your account?

• Do you understand that the plan fiduciary is responsible for the work performed by auditors

At Fenner, Melstrom & Dooling, PLC, we realize that one of the most important factors in choosing an auditor is feeling comfortable with the people you will be working with. Our ongoing commitment to provide financial and business wisdom, means we are continuously broadening our knowledge, honing our skills, and sharing valuable insights with our clients.

FMD can help with your employee benefit plan audit.