PRIMARY CONTACT: Patricia Giudici, CPA
Employee benefit plan audits are required for a majority of plans that are covered by the Employee Retirement Income Security Act of 1974 (ERISA). With increased scrutiny on employee benefit plan audits, the Schneider Downs ERISA group has prepared a listing of Frequently Asked Questions to help parties better understand the requirements and types of benefit plan audits, including the required filings, characteristics to look for in an audit firm, and advice on preparation for an audit.
The Employee Retirement Income Security Act of 1974, or ERISA, protects the assets of employees so that funds placed in retirement plans during their working lives will be available when they retire.
ERISA is a federal law that establishes certain standards for retirement plans in the private industry. For example, ERISA specifies (1) minimum standards for employee eligibility, vesting and funding, (2) fiduciary responsibilities and standards, (3) reporting and disclosure requirements, and (4) enforcement responsibilities. Additionally, certain parts of ERISA are coordinated with applicable tax-related provisions of the Internal Revenue Code.
In general, ERISA applies to the following types of benefit plans:
The type of plan that an organization depends on a number of factors, including the size of the organization, the employer’s commitment to providing benefits, the organization’s goals and objectives, the costs of maintaining the plan, etc.
Employers should work closely with knowledgeable retirement plan advisors to identify the specific retirement plan program that is appropriate for their organization and employees.
There are a number of different federal reporting and employee disclosure requirements associated with maintaining a benefit plan that is subject to ERISA. While many of these requirements are consistent across all types of ERISA plans (Form 5500 reporting, for example), others depend upon a plan’s specific provisions and features.
To assist plan sponsors with identifying their reporting and disclosure responsibilities, the Department of Labor has published a Reporting and Disclosure Guide for Employee Benefit Plans, which can be found at https://www.dol.gov/sites/default/files/ebsa/about-ebsa/our-activities/resource-center/publications/reporting-and-disclosure-guide-for-employee-benefit-plans.pdf
Qualified plan contributions are subject to various limitations under the Internal Revenue Code. These limitations are updated annually by the IRS. The following chart provides a comprehensive listing of the current contribution limits:
|401(k) deferral limit||$19,500||$19,500|
|401(k) catch-up limit||$6,500||$6,500|
|Defined contribution individual limit*||$57,000||$58,000|
|IRA contribution limit (49 and under)||$6,000||$6,000|
|IRA contribution limit (50 and above)||$7,000||$7,000|
*Excludes catch-up limits
A fiduciary is any individual who has discretionary control or authority over plan management or assets, or responsibility for plan administration or provides investment advice (or has the authority to) for compensation. Fiduciaries include, but are not limited to, plan trustees, plan administrators and members of the plan’s investment committee.
Fiduciaries have important responsibilities and are subject to standards of conduct because they act on behalf of participants in a retirement plan and their beneficiaries. These responsibilities include acting solely in the interest of plan participants and their beneficiaries and with the exclusive purpose of providing benefits to them; carrying out their duties prudently; following the plan documents (unless inconsistent with ERISA); diversifying plan investments; and paying only reasonable plan expenses.
The duty to act prudently is one of a fiduciary’s central responsibilities under ERISA and requires expertise in a variety of areas, such as investments. While many fiduciaries will hire professionals to assist with carrying out these responsibilities, it is important to note that he/she will retain a fiduciary responsibility to monitor the chosen service providers.
Form 5500 must be completed by the sponsor of any plan subject to ERISA.
The Form 5500 (and accompanying audit report, if required) is due seven months after the last day of the plan year (July 31 for calendar year-end plans), and can be extended for an additional 2½ months, to October 15 for calendar year-end plans.
Yes. Governmental plans and church plans are exempt from Title I of ERISA as well as certain types of 403(b) plans that qualify under the safe harbor rules. You should consult with ERISA counsel if you believe your plan may be exempt from the reporting obligations of Title I. Failure to comply with these regulations could result in significant penalties being assessed to your plan.
Generally, employee benefit plans with 100 or more participants (includes eligible, but not participating as well as separated employees with account balances) are considered to be “large” plans and are required to have an audit performed on an annual basis. Plans with fewer than 100 participants (“small” plans) generally do not require an audit to be performed.
Yes, an exception to these general rules does exist. The "80-120 rule" as it is called may permit plans with more than 100 participants to be treated as a “small” plan. In instances where a plan existed in the previous year, was treated as a small plan for that year and has no more than 120 participants (as of the beginning of the plan year), it may continue to file as a small plan, and no audit will be required. There is no limit to the number of years this rule may be applied. This means a plan may have up to 120 participants for many years without having an audit requirement.
However, if a new plan (no previous Form 5500 filing) has 100 or more participants (as of the beginning of the plan year), it must file as a “large” plan, and therefore, would require an audit.
Medical, dental, short- and long-term disability and other types of welfare benefit plans only require an audit if funded. Often, benefits from these plans are paid out of the general assets of the employer/plan sponsor, or through insurance rather than a trust.
If the plan uses a trust, it will be considered a funded plan, and an audit will be required if there are 100 or more participants.
If the plan year is seven months or less, the audit for the short plan year may be deferred until the following plan year. The plan audit for the short plan year still needs to be performed; however, the audit report is filed with the following year's Form 5500. Filing of the short plan year's Form 5500 is not deferred.
If the election to defer the audit is elected and the plan participant count falls under 100 for the subsequent plan year, the plan must still meet the large plan filing requirements in that subsequent year.
A limited scope audit permits the plan administrator the option of not having investment information (at the plan level only) tested during the audit. In order to permit a limited scope audit, the investment information must be certified by the trustee or custodian as ‘complete and accurate.’ Certifications of completeness or accuracy, but not both, do not qualify for limited scope audits. Additionally, the certification cannot be from a broker/dealer. The certification must be from a qualified institution. Under Department of Labor (DOL) regulations a qualified institution is one that is regulated and subject to periodic examination by a state of Federal agency such as a bank, trust company, or similar institution including an insurance company.
The limited scope exception does not apply to any other audit areas (i.e., participant data, contributions, distributions, etc.) only to investments.
With the implementation of Statement of Auditing Standards 136, which is effective for periods ending on or after December 15, 2021, the term-limited scope audit is replaced with the term ERISA Section 103(a)(3)(c) audit.
No. 11-k audits (audits of a public company’s employee benefit plan that contains plan sponsor stock), master trust arrangements with certification only at the master level, church and governmental plans and assets held outside of a trust are not eligible for limited scope audits. Additionally, plans whereby the assets are not held by a qualified institution do not qualify for a limited scope or ERISA Section 103(a)(3)(c) audit.
The area of most focus in a plan audit should be on participant-related transactions and activity. This includes payroll information, deferral percentages, demographic information, distribution paperwork, claims paid (for health & welfare plans), and, most importantly, the plan document provisions. Without the plan document, an audit should not be started.
Just as important as participant data is the plan’s investments. As noted above, the level of audit procedures for investments varies in a limited scope or full scope audit. However, no matter what the scope, a plan’s financial statements must contain all disclosures required by the financial report framework (generally accepted accounting principles).
The EBPAQC is a voluntary membership organization for firms performing ERISA employee benefit plan audits and was established to promote the quality of employee benefit plan audits. The EBPAQC provides members with timely communication of regulatory updates, best practices guidance, technical updates and member to member discussion forums to discuss these matters.
Membership requirements include designating an audit partner to have firm-wide responsibility for the quality of the firm’s ERISA employee benefit plan audit practice; establishing a program to ensure that all ERISA employee benefit audit plan audit engagement personnel possess current knowledge, appropriate for their level of involvement in the engagement; establishing annual internal inspection procedures that include a review of the firms ERISA employee benefit plan audit practice; establishing policies and procedures specific to the firm's ERISA employee benefit plan audit practice to comply with the applicable professional standards and EBPAQC member requirements.
Studies by the DOL of employee benefit plan audits show a much smaller deficiency rate in firms that belong to the EBPAQC than those that do not. Given the fiduciary responsibility of the plan sponsor to have a quality audit performed, this becomes a very significant factor to consider.
An ERISA fidelity bond is a required type of insurance that protects the plan against losses caused by fraud or dishonesty. It is different from fiduciary liability insurance (which is not required but encouraged), which insures fiduciaries against losses caused by breaches of fiduciary responsibilities.
The Schneider Downs ERISA audit practice consists of a service model that is not limited to attest services but includes providing support and oversight to clients, year-round access to experts, annual education seminars for clients that include both regulatory and accounting updates, and more. For more information, visit our dedicated Audit and Assurance Services for Employee Benefit Plans page or contact us at [email protected].