While some believe that an employee benefit plan audit is obtained simply to satisfy a regulatory requirement, there are certain areas in which an employee benefit plan audit can assist, or add value, to plan sponsors. As our own Josh Zimmerly mentioned in his article “Benefit Plan Audit by Infomercial,” an audit can help to evaluate plan health and aid administrative performance by providing recommendations, including flagging potential problems or identifying cybersecurity risks and helping to implement solutions to mitigate risk. Let’s break down these points a bit further.
In a benefit plan audit, the auditor typically will perform a comprehensive review of the plan document and understand the mechanics of the plan by performing walkthroughs of key cycles, such as enrollment, distribution, and payroll/contribution process. Additionally, an audit consists of performing substantive testing procedures around eligibility, contributions, distributions, plan expenses, and notes receivable from participants, if applicable. The procedures outlined above could identify potential operational issues associated with the Plan. This discovery then gives the plan sponsor the opportunity to take appropriate corrective action in order for the plan to maintain its qualified tax-exempt status and avoid any potential future liability from the Internal Revenue Service or Department of Labor.
Audits also aid in the evaluation of the plan’s health. Plan sponsors should not only be focused on the cost side of the Plan, but also on increasing employee participation so that employees have adequate income at retirement age. One strategy that plan sponsors should consider is the adoption of an automatic enrollment provision for newly hired employees. Additionally, to bolster retirement readiness, plan sponsors should also consider implementing auto-escalation clauses within their plans. Finally, with all of the security breaches (from Target to Equifax), cybersecurity is a hot topic. Plan sponsors should be closely monitoring their service providers’ Service Organization Reports (SOC reports) to ensure that third-party administrators are mitigating information technology risks surrounding physical access, logical access, and change management. Having another set of eyes on the information technology environment through a third-party audit can help identify potential gaps or vulnerabilities while trying to maintain data integrity, protect employee information and retirement assets.
So don’t just “set it and forget it”. Plan sponsors should continuously be monitoring the plan to ensure that participants have the available resources to take action and become retirement-ready. Plan sponsors should also consistently evaluate the plan processes to ensure continued compliance with regulatory requirements. Remember, an audit is not just a regulatory requirement, it’s a valuable part of the process.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.