What Is an ERISA Audit and Do I Need One?

An Employee Retirement Income Security Act (ERISA) audit is an annual examination of an employee benefit plan’s financial records, mandated by the Department of Labor (DOL). Its primary function is to verify that the plan is managed in the best interest of its participants and beneficiaries. This independent review ensures the plan’s assets are safeguarded and that its financial statements are presented fairly. The audit confirms the plan’s operational integrity and compliance with federal law.

Determining the Audit Requirement

The need for an ERISA audit is linked to the number of participants in a company’s benefit plan. Generally, if a plan has 100 or more participants on the first day of the plan year, it is classified as a “large plan” and must undergo an annual audit. This threshold triggers compliance duties designed to protect the financial health of plans affecting many employees. Plans with fewer than 100 participants are considered “small plans” and are exempt from this requirement.

A significant exception is the “80-120 Participant Rule,” which provides relief for growing businesses. Under this provision, if a plan had between 80 and 120 participants at the start of the plan year and filed as a small plan in the previous year, it can continue to file as a small plan and forgo the audit. This allowance continues until the participant count exceeds 120 at the beginning of a plan year, at which point the audit becomes mandatory.

Correctly counting participants is part of determining the audit requirement. A change in methodology simplifies this count for many defined contribution plans, such as 401(k)s. For plan years beginning in 2023, the count is based on the number of individuals with an account balance in the plan. This includes active employees, separated or retired former employees with a balance, and deceased participants with beneficiaries.

This updated counting method means that employees who are eligible to participate but have not enrolled and have no account balance are no longer included in the total. This change, stemming from the SECURE Act, may result in some plans previously classified as large to now be considered small. This waives the audit requirement for those plans.

Preparing for the Audit Engagement

Preparation for an ERISA audit hinges on gathering comprehensive documentation before the auditors begin their work. Organizing these records can streamline the process for both the plan sponsor and the CPA firm.

The required documents provide the evidence needed to verify the plan’s financial health and operational compliance. Key documentation includes:

• Plan governance records: This includes the fully executed plan document, the associated adoption agreement specifying employer-selected features, all plan amendments, and the IRS determination or opinion letter that confirms the plan’s tax-qualified status.
• Financial information: This includes the plan’s annual financial statements, year-end investment statements from the trust custodian, and proof of a valid ERISA fidelity bond. This bond protects the plan against losses caused by acts of fraud or dishonesty.
• Participant data: A complete employee census is needed, listing all employees with data points like dates of birth, hire, and termination, as well as compensation details. Corresponding payroll records must be provided to trace employee and employer contributions to the plan’s trust account.
• Transaction and service provider records: This includes documentation for all distributions, rollovers, loans, and any hardship withdrawals processed during the plan year. Contracts with the plan’s Third-Party Administrator (TPA), investment custodian, and other service providers must also be supplied.

The Audit Process with Your CPA Firm

Once all necessary documentation is gathered, the formal audit process begins. The first step involves selecting a qualified auditor. The Department of Labor mandates that employee benefit plan audits be conducted by an independent qualified public accountant, and it is beneficial to choose a firm with specific experience in this specialized area.

The engagement officially commences with the signing of an engagement letter. This document is a formal contract that outlines the scope of the audit, the responsibilities of both the auditor and the plan sponsor, the objectives of the engagement, and the associated fees. It establishes clear expectations for the work to be performed.

With the engagement formalized, the auditors proceed to fieldwork and testing. Auditors do not check every single transaction; instead, they test a representative sample to draw a conclusion about the plan as a whole. This includes verifying that contributions were calculated correctly and remitted to the trust in a timely manner. It also includes checking that distributions and loans were made in accordance with the plan’s governing documents and IRS regulations.

Throughout the fieldwork, auditors will review the plan’s internal controls, which are the procedures the company has in place for proper plan administration. This might involve assessing how transactions are approved or how participant data is secured. Auditors will raise questions and request clarifications as they arise, and the plan sponsor can provide additional information to resolve any potential findings.

The Auditor’s Report and Form 5500 Filing

The culmination of the audit is the independent auditor’s report, which presents the CPA firm’s opinion on the plan’s financial statements. The most common outcome is an “unqualified” opinion, indicating the financial statements are presented fairly in all material respects. Other types of opinions include a “qualified” opinion, issued when there is a limitation on the audit’s scope, or an “adverse” opinion, signifying the statements are not fairly presented. A “disclaimer of opinion” is issued when the auditor cannot form an opinion.

After the auditor’s report is finalized, the plan sponsor must complete the final compliance step. The complete audit report must be attached to the plan’s annual Form 5500, the “Annual Return/Report of Employee Benefit Plan.” Filing a Form 5500 for a large plan without the required audit report is considered an incomplete filing and can lead to significant penalties from the DOL.

The entire package, consisting of the Form 5500 and the attached audit report, must be filed electronically with the Department of Labor through the EFAST2 system. The standard deadline for this filing is the last day of the seventh month following the end of the plan year. For a calendar-year plan, this deadline is July 31. An extension can be requested by filing Form 5558, which pushes the deadline back by two and a half months.