What Documentation Is Needed for a 401k Audit?

A 401(k) audit is an independent review of a company’s retirement plan, conducted by a third-party accounting firm. This audit serves to ensure the plan operates in compliance with the Employee Retirement Income Security Act (ERISA) and Department of Labor (DOL) regulations. It also protects the interests of plan participants by verifying the accuracy of the plan’s financial statements and operations. The process involves a thorough examination to confirm the plan meets established guidelines and regulations.

Determining Audit Eligibility

A 401(k) plan requires an annual audit if it qualifies as a “large plan” for Form 5500 filing purposes, typically meaning 100 or more participants with account balances at the beginning of the plan year. This participant count includes active employees, as well as retired, deceased, or separated employees who still maintain a balance within the plan.

Department of Labor regulations, specifically ERISA Section 103, mandate these audits for large plans. An exception is the “80-120 Participant Rule” for plans hovering around the 100-participant threshold. If a plan had between 80 and 120 participants at the start of the plan year and filed as a “small plan” in the prior year, it may continue to file as a small plan and avoid an audit.

Required Information and Documentation

Preparing for a 401(k) audit requires gathering specific information and documentation for the auditor. Organizing these materials diligently before the audit begins helps ensure a smooth process. Auditors review categories of documents to form an opinion on the plan’s financial statements and compliance.

Plan documents define the framework of the retirement plan. This category includes the current plan document, any adoption agreements, and all amendments. The IRS determination or opinion letter, which confirms the plan’s qualified status, is also a document. Additionally, the Summary Plan Description (SPD) and any Summary of Material Modifications (SMM) must be available.

Financial records detail the plan’s monetary activities and asset holdings. Auditors request participant statements, the plan’s trust financial statements, and the general ledger. Bank statements and investment statements from custodians or recordkeepers verify asset existence and valuation. Reconciliation reports and payroll records, detailing employee and employer contributions, confirm proper funding and allocation.

Participant data is needed for testing eligibility, contributions, and distributions. This includes census data, which lists employees’ hire and termination dates, compensation, and contributions. Auditors examine beneficiary designations, loan agreements, hardship withdrawal requests, and qualified domestic relations orders (QDROs) to ensure proper processing and compliance. Supporting documents like I-9 forms or enrollment forms for selected participants verify demographic information and eligibility.

Operational records show how the plan is managed. Service provider contracts with recordkeepers, third-party administrators (TPAs), and custodians clarify roles and responsibilities. Fee disclosures are reviewed. Documentation of internal controls, such as procedures for payroll, eligibility, and distributions, helps auditors assess plan operations.

Board or investment committee meeting minutes related to the plan, along with information on the fidelity bond, are requested to confirm oversight and protection. An ERISA fidelity bond is required to protect the plan from losses due to fraud or dishonesty.

Conducting the Audit

Once documentation is provided, the auditor begins fieldwork. An independent certified public accountant (CPA) conducts the audit, ensuring objectivity and adherence to Generally Accepted Auditing Standards (GAAS). The auditor expresses an opinion on whether the plan’s financial statements are presented fairly and whether the plan is operating in compliance with applicable regulations.

During this phase, auditors test the accuracy and compliance of plan operations. This includes sampling and testing contributions, distributions, participant eligibility, and investment valuations. They also review internal controls established by the plan administrator to safeguard assets and ensure accurate recordkeeping. The auditor assesses how the plan handles transactions, such as the timely remittance of employee deferrals and loan repayments to the plan.

Auditors may request additional information as they conduct their testing and discuss any discrepancies or issues identified with plan management. These discussions clarify findings and address non-compliance. Upon completion of the fieldwork, the auditor issues a management representation letter. This letter, signed by plan management, confirms the accuracy and completeness of information provided.

Reporting and Filing Requirements

After fieldwork and the audit report are complete, the plan sponsor must fulfill filing requirements. The audit report is a component of the annual Form 5500 filing, which is submitted to the Department of Labor. Specifically, the audited financial statements and the independent auditor’s report must be attached to Schedule H of Form 5500.

For calendar year plans, the standard filing deadline for Form 5500 is July 31st of the year following the plan year end. An automatic extension of two and a half months can be obtained by filing IRS Form 5558 before the original deadline, extending the due date to October 15th for calendar year plans. The timely submission of the Form 5500 with the attached audit report is necessary for compliance.

Form 5500 filings, including the attached audit report, are public documents accessible through the Department of Labor’s website. Failing to meet these filing obligations or submitting an inadequate audit report can lead to penalties. The IRS can impose civil penalties of approximately $250 per day for late Form 5500 filings, up to a maximum of $150,000. The Department of Labor can assess civil penalties, which can be as high as approximately $2,500 per day with no set maximum limit. These penalties can accumulate rapidly.