
401(k) Audits - Procedures, Internal Controls & Compliance

S Sushmitha Sundeep Gupta Jul 15, 2024

A 401(k) audit is an examination of a company’s retirement benefit plan to ensure compliance with the regulations set forth by the Employee Retirement Income Security Act (ERISA). These audits are typically conducted by an independent auditor to verify the accuracy and completeness of the financial statements of the plan, as well as to ensure that the plan is being administered in accordance with the legal regulations and the constitution documents laying out the framework and details of the plan.

During a 401(k) audit, various aspects of the plan are reviewed by the auditor, including participant eligibility, contributions, distributions, investments, and administrative procedures. They will also assess the internal controls and compliance with ERISA reporting and disclosure requirements.

Key regulations

There are certain key regulations that need to be complied with by the auditor while carrying out a 401(k) audit. These are:

  1. ERISA: This sets forth the minimum standards for pension plans in the private sector, including 401(k) plans. It outlines fiduciary responsibilities, reporting and disclosure requirements, and participant rights. Written plan documents must outline plan terms in detail and amendments must be made in accordance with ERISA. Compliance with ERISA is crucial to avoid penalties and ensure the financial security of the participants in the plan. A 401(k) audit examines these aspects to ensure adherence to ERISA standards.
  2. Department of Labor (DOL) Regulations: The DOL issues regulations and guidance related to ERISA compliance, plan administration, reporting, and disclosure requirements. This includes regulations governing fiduciary duties, prohibited transactions, and reporting and disclosure obligations.
  3. Internal Revenue Code (IRC): The IRC contains provisions related to the tax treatment of retirement plans, including 401(k) plans. It specifies eligibility requirements, contribution limits, distribution rules, and plan qualification requirements for tax-exempt status.

Key audit processes

In a 401(k) audit, auditors perform various procedures to evaluate the accuracy of financial statements, compliance with regulations, and the effectiveness of internal controls. Here are some common audit procedures:

  1. Review of Plan Documents: Auditors examine the plan documents, including the plan agreement and any amendments, to understand the terms and provisions of the plan and ensure compliance with legal requirements. The plan documents cannot override the statutory regulations prescribed by the government and cannot contain any provision or clause that does not conform to the relevant regulations. It is critical to ensure that any discrepancies or potential compliance issues are brought to light. This could include errors in participant eligibility, contribution calculations, vesting, or other plan provisions.
  2. Testing of Participant Data: Auditors select a sample of participant accounts and verify the accuracy of participant data, including contributions, distributions, and loan transactions. They ensure that transactions are properly authorized and processed in accordance with plan provisions and regulatory requirements. Selection of the sample must follow the standard practices and should not be arbitrary, so as to enable the auditor to derive reasonable comfort from the testing of the selected sample.
  3. Confirmation of Plan Assets: Auditors confirm the existence and valuation of plan assets by obtaining confirmations from custodians, trustees, or investment managers. They verify that assets are held in accordance with the investment policy statement of the plan and that income and gains/losses are accurately recorded. Valuation of the plan assets and mark-to-market are critical to assessing whether the plan assets are adequate.
  4. Review of Contributions and Matching Contributions: Auditors test the accuracy and timeliness of employer and employee contributions to the plan. They verify that contributions are calculated correctly, deposited timely into participant accounts, and comply with contribution limits set by the IRS.
  5. Testing of Internal Controls: Auditors assess the effectiveness of internal controls related to the administration of the plan. This includes evaluating processes for enrolling participants, processing contributions, handling distributions, and safeguarding plan assets.
  6. Compliance Testing: Auditors perform various compliance tests required by the IRS and the DOL. These tests include nondiscrimination testing to ensure that contributions and benefits do not favor highly compensated employees, as well as top-heavy testing to determine if key employees receive a disproportionate share of plan benefits.
  7. Review of Investment Transactions: Auditors review investment transactions, including purchases, sales, and valuation of plan investments. They ensure that investment transactions are properly authorized, accurately recorded, and comply with the investment policy statement of the plan.
  8. Evaluation of Reporting and Disclosures: Auditors review the financial statements of the plan and required disclosures to ensure compliance with ERISA, accounting standards and other regulatory requirements. They verify that financial statements fairly present the financial position and results of operations of the plan and that required disclosures are complete and accurate.
  9. Issue of Report: Once the audit is complete, the auditor issues a report summarizing their findings and opinions regarding the plan’s financial statements and compliance with ERISA requirements. If any issues or discrepancies are identified during the audit, the plan sponsor may be required to take corrective actions to address them.

Risks & Challenges

Auditing a 401(k) plan involves assessing compliance with regulations and ensuring accurate financial reporting. Here are some risks and challenges commonly encountered during 401(k) audits:

  1. Regulatory Compliance: Keeping up with constantly evolving regulations from bodies like the DOL and the IRS is challenging. Failure to comply can result in penalties and legal consequences.
  2. Documentation Errors: Incomplete or inaccurate documentation of plan transactions, participant data, and administrative procedures can lead to compliance issues during the audit.
  3. Investment Issues: Evaluating the plan’s investment options and ensuring they comply with the plan’s investment policy statement and ERISA guidelines can be complex. Failure to follow investment guidelines can result in fiduciary breaches.
  4. Participant Contributions and Withdrawals: Verifying the accuracy of participant contributions, loans, and withdrawals can be challenging, especially with large participant populations. Errors in these areas can lead to incorrect financial reporting and compliance issues.
  5. Fiduciary Responsibility: Ensuring that plan fiduciaries fulfill their duties prudently and solely in the interest of participants is essential. Any breaches of fiduciary duty can result in legal liabilities.
  6. Employee Education and Communication: Lack of participant understanding of the plan’s rules and investment options can lead to various issues. Proper communication with, and education of, participants is essential to mitigate this risk.
  7. Third-Party Service Providers: Many 401(k) plans rely on third-party service providers for record-keeping, administration and investment management. Ensuring the quality of services provided by these vendors and compliance with regulations by each such vendor is crucial.
  8. Data Security: Protecting sensitive participant data from security breaches is of utmost importance. Ensuring that appropriate safeguards are in place to prevent unauthorized access to participant information is essential.
  9. Plan Termination: Terminating a 401(k) plan requires careful planning and execution to ensure compliance with regulations and minimize potential liabilities for plan sponsors.
  10. Emerging Risks: With the changing landscape of retirement plans and evolving regulatory requirements, new risks may emerge. Staying abreast of industry trends, emerging risk factors affecting the plan, and economic and regulatory updates is essential to effectively manage these risks.


Conclusion

A 401(k) audit serves as a vital tool for ensuring legal compliance, fiduciary responsibility, participant protection, risk management, and ongoing improvement of the retirement benefit plan of the company.

A thorough and effective 401(k) audit provides assurance to both plan sponsors and participants that the retirement plan is being operated responsibly, transparently, and in accordance with the highest standards of integrity, as well as ensuring that the proposed retirement benefits are actually available to the participant.
