An employee benefit plan (EBP) that has over 100 participants is required to have an audit to accompany the filing of its Form 5500. Many CFOs consider these audits unnecessary and delegate the audit process to the controller or human resource manager.
What many finance chiefs don’t realize, however, is that in doing so they are ceding all control of the management of a risk that can come back to bite them personally. Failure to submit an EBP audit that meets standards can result in the U.S. Department of Labor bringing civil action against the plan sponsor and/or fining the sponsor up to $1,100 a day without limit. In such cases, the plan sponsor often incurs legal fees and spends a significant amount of time trying to resolve the situation.
The Employee Retirement Income Security Act (ERISA) requires plan administrators to ensure that plan financial statements are audited in accordance with Generally Accepted Auditing Standards, and that they are presented in accordance with Generally Accepted Accounting Principles, both of which are specialized for EBPs. Hiring an auditor is considered a fiduciary obligation, and failure to properly fill that obligation may result in personal liability for the officers of the plan sponsor – including the CFO.
In May, the DOL released a study titled “Assessing the Quality of Employee Benefit Plan Audits” that concluded that 39% of the audits inspected were deficient, up from 19% in 1997. To limit their firm’s risk exposure, CFOs of companies that sponsor plans should challenge their auditors to ensure they are providing quality audits that meet standards.
Finance chiefs would do well to get a firm grasp of the responsibility plan sponsors have concerning EBP audits and stay in touch with the process from preparation through conclusion, zeroing in on such issues as the timely remittance of contributions, the testing of demographic data, and hardship withdrawals.
Plan sponsors have the fiduciary responsibility to transmit employee contributions to the plan “as of the earliest date on which such contributions can reasonably be segregated from the employer’s general assets,” according to the Code of Federal Regulations. The lack of a bright-line rule for large filers (generally defined as those with over 100 participants) creates ambiguity in testing. Generally, the auditor will consider the sponsor’s ability to remit tax payments and the sponsor’s general history of remittance.
To avoid issues in the future, the sponsor should set up automatic remittance from its payroll company to the plan. Often sponsors have overly complicated systems that involve sending checks to a third-party administrator before it gets to the trust company, or being dependent on one employee who may have other responsibilities or may be out of the office on the day the contributions need to be remitted.
Those manual functions often do not add value and put the sponsor at risk for remitting participant contributions late. In addition, the trustee should review reports from the trust company to catch any late contributions early in the year, and put corrective action in place as soon as possible. All identified late contributions should be fixed through the DOL’s Self Correction Program or its Voluntary Fiduciary Correction Program.
The sponsor is required to keep an accurate census of plan participants and amass appropriate supporting documentation. The census is used as a basis for such plan decisions as those involving inclusion and exclusion from the plan, eligibility for employer contributions, vesting, and benefit payments. A sponsor that neglects this responsibility may have an inaccurate census or inadequate supporting documentation. The auditor must read the plan document to determine which demographic criteria are necessary to test. Common demographic attributes that need to be tested are dates of birth, sex, dates of hire, and dates of termination.
To improve the quality of the census and documentation of demographic data, the sponsor should conduct internal audits on the census. The human resources manager should test a certain number of employees in the census each month by inspecting personnel files and comparing the demographic data in them against the census, just as an auditor would. If the human resource functions are decentralized, the manager should test different locations and compare the record keeping policies at each location. Tone at the top is critical, as the people maintaining these records may be transient.
Hardship withdrawals are intended to be a last resort for participants to withdraw funds from their retirement plan. The requirements necessary to take a hardship withdrawal are clearly stated in the plan document and in ERISA guidelines. Also, the hardship withdrawal must be approved by the appropriate level of the plan’s management. Occasionally, a participant may need money, but may not specifically meet the specifications of a hardship withdrawal. For example, either the participant may not have claimed one of the specified reasons for qualifying for a hardship or hasn’t taken the maximum number of loans the plan allows. The participant can only withdraw employee contributions (not earnings or employer contributions), and is restricted from making contributions for the next six months. Management may not be aware of these rules under ERISA, and issue the hardship in violation of them.
Many plan sponsors aren’t aware that hardship withdrawals expose them to additional auditing procedures and regulations. The plan sponsor should have the proper procedures in place to challenge all participant assertions that they qualify for a hardship withdrawal. Further, the plan’s trustees should review activity each period to make sure that they are aware of all hardship withdrawals.
Adam S. Lilling is a partner of Lilling & Company, a firm that specializes in auditing employee benefit plans.