What Is a 401k Audit and When Is One Required?

A 401(k) audit is a specialized examination of a company’s retirement benefit plan, ensuring it adheres to its written terms and complies with regulations from the Employee Retirement Income Security Act (ERISA), the Department of Labor (DOL), and the Internal Revenue Service (IRS). Auditors verify the accuracy and completeness of the plan’s financial statements. The primary purpose of this audit is to protect the benefits of plan participants and maintain the plan’s overall compliance with federal mandates.

When an Audit is Required

A mandatory 401(k) audit is triggered by the number of participants in the plan. A 401(k) plan must undergo an audit if it has 100 or more participants with account balances at the beginning of the plan year. This participant count includes current employees contributing or receiving employer contributions, as well as terminated, retired, or deceased participants who still have account balances within the plan.

An exception to the 100-participant rule is the “80-120 participant rule.” This rule allows plans with between 80 and 120 participants at the beginning of the plan year to file their annual Form 5500 in the same category (large or small plan) as the prior year’s filing. However, once the participant count exceeds 120, the plan is required to file as a large plan and undergo an audit.

Understanding the Audit Scope

Auditors examine various aspects of a 401(k) plan’s operations to ensure financial integrity and regulatory adherence. A central component is the examination of the plan’s financial statements, including the statement of net assets available for benefits and the statement of changes in net assets available for benefits. Auditors verify the valuation of investments, verify contributions received, and reconcile distributions and benefit payments made to participants.

The assessment extends to the plan’s internal controls to safeguard financial reporting, participant data, and transactional processes. Auditors scrutinize compliance with the plan’s written document and any amendments, ensuring the plan operates as designed. Adherence to federal regulations, such as ERISA, DOL regulations, and IRS codes, is checked, covering areas like participant eligibility, vesting schedules, contribution limits, and the timely deposit of employee deferrals.

Auditors also review participant data, including eligibility, contributions, distributions, loan activity, and beneficiary designations. A sample of transactions is tested to confirm they align with plan provisions and regulatory requirements. Agreements and activities with external service providers, such as third-party administrators (TPAs), recordkeepers, custodians, and investment managers, are also reviewed to ensure proper oversight and execution of their responsibilities.

Preparing for an Audit

Preparation helps ensure a smooth 401(k) audit. Plan sponsors should gather and organize documentation well in advance of the audit’s start date. This includes the current plan document and all amendments, the trust agreement or custodial agreement, and the Summary Plan Description (SPD). Prior year’s Form 5500 filings and accompanying audit reports are needed.

Financial records for the current audit period are required, such as the plan’s balance sheet, income statement, and statement of changes in net assets available for benefits. Participant census data, including eligibility dates, deferral elections, and compensation information, must be readily available. Payroll records and reports detailing the remittance of contributions to the plan should also be prepared.

Plan sponsors should compile:

• Investment statements and valuations from the plan’s custodian.
• Documentation for all distributions and loan activity, along with service provider contracts for entities like TPAs, recordkeepers, and investment advisors.
• Evidence of internal controls over plan operations and the results of non-discrimination testing, such as ADP/ACP tests.
• Relevant board resolutions or committee meeting minutes pertaining to the plan’s administration.

The Audit Process

The 401(k) audit process begins with an engagement and planning phase involving the plan sponsor and independent auditor. The initial stage involves discussing the audit scope, establishing timelines, and formalizing the engagement through a signed letter. Auditors conduct a risk assessment to identify areas requiring more focused attention, tailoring their approach to the characteristics of the plan.

The core of the audit involves fieldwork and testing, where auditors gather evidence. This includes testing financial transactions like contributions from employees and employers, distributions to participants, and investment activities. Auditors also review participant data, including eligibility and enrollment, through sampling techniques to ensure accuracy and compliance. They assess the effectiveness of the plan’s internal controls, often by examining procedures and documentation related to financial reporting and data management.

Auditors may conduct interviews with plan personnel and service providers, such as third-party administrators and recordkeepers, to gain a deeper understanding of operational processes and controls. Throughout the fieldwork, auditors communicate preliminary findings and discuss any identified control deficiencies or potential adjustments with plan management. This ongoing dialogue allows for clarification and the opportunity for the plan to address issues before the final report is drafted. The final stage involves the preparation of the formal audit report, incorporating all findings and conclusions.

Audit Outcomes and Reporting

The culmination of a 401(k) audit is the issuance of an audit opinion, providing an independent assessment of the plan’s financial statements and compliance. An “unqualified” or “clean” opinion indicates that the financial statements are presented fairly in all material respects and that the plan is operating in accordance with ERISA and its plan document. Other opinions, such as “qualified,” “adverse,” or a “disclaimer of opinion,” signify various levels of material misstatement or scope limitation.

In addition to the formal audit opinion, auditors may issue a separate management letter. This letter outlines internal control deficiencies observed during the audit and provides recommendations for operational improvements. While not part of the official audit report, these recommendations can help plan sponsors strengthen their administrative processes and enhance compliance.

The audit report, including the financial statements and the auditor’s opinion, must be attached to the plan’s annual Form 5500 filing. This filing is submitted electronically to the DOL and IRS. For calendar year plans, the Form 5500, with the attached audit report, is due by July 31st of the following year, though an extension can be filed to October 15th.