How to Choose a 401(k) Plan Auditor

CFOs must be careful in making this choice, because there may be issues of penalties and personal legal liability.
Robert J. RojasOctober 18, 2016
How to Choose a 401(k) Plan Auditor

For startup companies or others that are putting a 401(k) plan in place, the details may seem endless.

Generally, audits of such plans with 100 or more participants are required as part of the Form 5500 filing for employee benefit plans. For 2015, the instructions for the form ran 82 pages. By comparison, the instructions for Form 1120 for corporate tax returns were only 26 pages.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

The regulatory environment, which effectively encompasses the IRS, the Department of Labor, and possibly state regulators, is a unique world with a stream of new regulations that may seem endless as well.

The DoL looks at fiduciary standards, reporting and disclosure requirements, and its own meticulous rules. The Internal Revenue Service and its specialists are looking at the plan’s qualified status and potential tax issues.

The regulators look at not only what’s in the plan, but also what’s not in it, when the assets got there, the composition of those assets, the reasonableness of fees that reduced those assets, plan liabilities, whether proper controls are in place, and on and on. The DoL may, for example, be concerned with such details as how many days the employer is taking to get withheld payroll funds into the plan.

Choose an Auditor Carefully

For all of those reasons and more, selecting an auditor is a key aspect of running a plan. Those charged with the task should understand the complexities and risks involved in making the choice.

It is also important to document the reasons for the choice. One reason should be that the auditing firm has significant expertise commensurate with the complexities of the task. While regulators don’t pick the auditor, they figuratively look over the plan administrator’s shoulder and express concerns when they see auditor’s reports or financial statements they consider inadequate or incomplete, if not erroneous.

The auditor has to understand it all: tax rules, DoL rules, the 401(k) plan with its myriad choices, the accounting system, common problem areas, and controls.

When the plan administrator picks an auditor, major penalties and fines are a significant worry because it is a major fiduciary responsibility. A typical problem scenario is that the plan’s decision-makers hire the same firm that audits the company’s financials, when that firm’s experience and training commitments aren’t sufficiently focused on 401(k) plans.

It’s possible for the plan administrator to incur penalties exceeding $50,000 in connection with 401(k) audit failures.

The regulators normally look at the plan’s expenses with a view that lower expenses benefit plan participants. However, there are occasions when regulators express a view that higher auditing fees would have benefited participants, because audit quality and auditor experience didn’t meet the needs of the plan.

Large accounting firms sometimes refer 401(k) work to smaller firms, if they know the firm has the expertise and diligence, because from a practical standpoint middle-market plans may not be able to afford the big firms’ fees. Smaller accounting firms with significant expertise in 401(k) plans may make referrals to the larger firms when aspects of the work require a particular expertise or group of resources.

Spotting a Deficient Auditor

Ian Dingwall, chief accountant of the Employee Benefits Security Administration, has noted four characteristics of “deficient auditors”: inadequate technical training and knowledge; lack of awareness of the unique nature of auditing employee benefit plans; lack of quality control on audit processes; and a failure to understand the requirements for limited-scope audits.

The limited-scope concept involves the elimination of certain audit procedures for investments held by banks, similar institutions, or insurance carriers.

The auditing firm, prior to undertaking the engagement, should be able to demonstrate preparation that focuses on the specialized nature of the audit. Such preparation could include successful experience with other 401(k) plan audits within this firm or its auditors’ prior employers; continuing education on this specialized topic; checklists and reference materials; and in-house training.

And as with any audit, the auditor should be able to perform a detailed risk assessment of the plan’s financial reporting and operations and to perform detailed audit procedures. This is more than simply reconciling schedules to the financial statements. Rather, it involves reviewing documents that support amounts and transactions shown in those schedules to ensure they were both properly recorded and are in accordance with both plan provisions and DOL and ERISA guidelines.

Stats Not Nice

In a DoL study, released last year, of Form 5500 filings for 2011, “major deficiencies” were found in 39% of 401(k) plan audits. The deficiency rate was 76% among audits by firms that did only one or two such audits.

The complexities are such that the IRS has an Employee Plans Compliance Resolution System (EPCRS) and website devoted to the topic of fixing plan mistakes. Fixing mistakes comes with special forms and user fees.

The DoL recommends that the plan administrator keep a written record of the process followed in choosing service providers and the reasons for their selection of a particular provider.

Complex Tax Environment

Some admixture of accounting and tax backgrounds is needed to do Section 401(k) audits. While the plan is exempt from taxation, there are nonetheless potential tax issues, involving both unrelated business income tax possibilities and sundry excise taxes.

There are myriad tax rules that the auditor must understand in auditing the plan, such as limits on employee compensation that can be taken into account when figuring contributions, vesting rules for employee accounts, and rules distinguishing deferrals from employee earnings and employer contributions. Employee contributions must always be 100% vested, but that may not true for employer contributions, depending on the terms of the plan.

The regulatory environment suggests that in the future, there may be even closer scrutiny of auditors and their processes for auditing 401(k) plans, as well as those charged with the responsibility of selecting the auditing firm.

Upper management, usually the CFO, has to understand the complexities, the potential penalties, and the concerns of regulators in both picking an auditing firm and managing internal resources in a way to assure the best controls and a successful audit. These are important ingredients for having a successful 401(k) plan.

Robert J. Rojas is the owner of Rojas & Associates, a regional accounting firm in California.