For more stories like this, sign up for the PLANSPONSOR NEWSDash daily newsletter.
Compliance May 20, 2019
What to Know About Financial Audits Filed with Form 5500s
Plan sponsors required to file a financial audit along with their Form 5500 should know how regulators use the information and how to pick the best auditor.
Reported by Lee Barney
Art by Ryan Peltier
Any retirement plan with 100 or more participants must be independently audited by a certified public accountant (CPA) firm and include those findings along with the annual Form 5500 it electronically files with the Department of Labor (DOL), which in turn, shares it with the Internal Revenue Service (IRS).
It is imperative that plan sponsors work with qualified CPA firms since the “2015 Assessing the Quality of Employee Benefit Plan Audits” from the DOL found that 39% of plans that were audited had either unacceptable or major deficiencies, says Anne Morris, employee benefit plan practice leader at Windham Brannon in Atlanta. And the auditor must use Generally Accepted Accounting Principles (GAAP), says David Guadagnoli, a partner at Sullivan & Worcester in Boston.
The Form 5500, which includes the audited financial statements, is used by the DOL, IRS and, in the case of a defined benefit plan, the Pension Benefit Guaranty Corporation (PBGC), Guadagnoli adds. “The idea is that Congress felt that the plan administrator, the government and participants needed financial statements reviewed by an independent auditor to make sure retirement plans are properly managed for participants,” he says.
Essentially, “the whole idea of the audit is to ensure that a plan is being run in accordance with its plan documents,” adds Jennifer Moore, director of 401(k) audit service at PriceKubecka LLC in Addison, Texas. The agencies also want to make sure that “plan participants aren’t being defrauded,” adds Robert Forni, a partner at Ropers, Majeski, Kohn & Bentley in San Francisco.
There are two main types of audits that are permissible: limited scope and full scope, Morris says. A limited-scope audit is more focused on the participants in the plan, to ensure that their accounts are correct, whereas a full-scope audit delves into more detailed testing of the plan investments, Morris says.
To qualify for a limited scope audit, “the qualified institution holding the assets of the plan [must] certify the ‘completeness and accuracy’ of the reports,” Morris says.
“The areas of focus and testing in both types of audits include: contributions (employee and employer), distributions, participant eligibility testing, and investment income allocation to participant accounts,” she continues. “During the audit, samples of participants are selected in these areas and then tested. Tests are included to recalculate employee and employer contributions and to ensure the participant deferral percentages are correct and that the participant was allocated the correct amount of earnings based on the investments they have chosen in their account.” Distributions, vesting and forfeitures are tested, as well, Morris adds.
The audited financial statement package always includes an auditor opinion letter at the beginning from the accountant explaining the scope of his work, Guadagnoli says. This is followed by the financial statements and any necessary explanatory footnotes.
“The financial statements show changes in assets and liabilities over the preceding year, such as employer contributions, employee contributions, expenses and distributions,” Guadagnoli says. The organization of audited financial statements will look pretty much the same for every retirement plan, he says. However, a plan that holds illiquid assets, such as limited partnerships, real estate or private equity, may require more information relating to valuation, he says.
Should the audit find that, for instance, employee contributions were not made in a timely basis, the DOL expects plan sponsors to “calculate what the employees lost out on and pay that back into the plan to make them whole,” Moore says.
The DOL is not only concerned that contributions are made on a timely basis; it wants to see that “if any tasks were done incorrectly, that the proper steps were taken to fix the issues,” says Tom Foster, national spokesperson for workplace solutions at MassMutual in Enfield, Connecticut.
The financial audit may uncover red flags for regulators. These include “not keeping plan documents up to date, not following plan documents, incorrect definitions of compensation, not remitting contributions in a timely basis, not filing Form 5500 on time, and not overseeing hardship withdrawals and loans properly,” Forni says. If these mistakes are made, it can trigger further audits by the IRS, DOL or both, he says.
DOL’s rule on when to send in 401(k) deferrals “is a little ambiguous,” Moore concedes. That is why her firm believes it is a best practice to submit the payments at the same time the sponsor submits their payroll taxes, she says.
“Another relatively new DOL focus is missing participants,” Morris notes. “Missing participants are those who have not kept their address information current and could result in participants losing track of their benefits and account information. It is the plan sponsor’s responsibility to make an attempt to track down these missing participants, and the DOL will question how this is being done.”
Use of the Data
“The Form 5500 series and audits are important compliance, research and disclosure tools for the DOL and a source of information and data for use by other federal agencies, Congress and the private sector in accessing employee benefit, tax and economic trends and policies,” Foster says.
“The DOL uses the information by data mining to determine if there are patterns that can help show which types of plans might commonly be non-compliant,” he continues. “The DOL also uses the information to determine the scope and breadth of retirement plan offers and uses among companies in geographic locations, by size and by other indicators such as industry.”
Qualities of a Sound Auditor
As to what to look for in a CPA firm, it is important to find one that specializes in retirement plan audits, as “this is a complicated field,” Forni says. “It isn’t going to be your run-of-the-mill CPAs.”
Morris recommends that sponsors look for firms that have conducted at least 100 audits. That said, the DOL will be concerned if it finds that the auditing firm conducts too many audits a year, Moore adds. In addition, the American Institute of Certified Public Accountants (AICPA) has a Plan Audit Quality Center that offers ongoing education on retirement plan audits, she adds. All PriceKubecka accountants that conduct retirement plan audits undergo this annual training, she says.Sponsors should ask several questions of a potential auditor, such as whether they work with plans similar to theirs, Foster says. “What is the cost of the service and what, specifically, do they cover? Who in the firm will be performing the majority of the day-to-day work and what are their qualifications and experience? Who will review and have final sign-off on the audit and what are their qualifications and experience?”
It is also important to ask whether accountants at the CPA firm can be reached via phone to answer questions, Moore says.
CPA firms’ fees for retirement plan audits “vary significantly,” Guadagnoli says. “You can pay relatively little or a fair amount of money. It depends in part on the market you are in and your own negotiations with the auditor.”
It may not be in the best interest of sponsors to simply look for the least expensive retirement plan auditor, as that could lead to errors and the possibility of needing to hire yet a second auditor, Moore says. “You may not get as good of an audit, which could set you up for fiduciary risk.”
