When Is a 401k Audit Required for Your Plan?

A 401(k) audit is an independent examination of a retirement plan’s financial statements and operations. This process ensures the plan complies with regulations set by the Department of Labor (DOL) and the Internal Revenue Service (IRS) under ERISA. The audit also verifies that the plan’s financial statements accurately present its financial position and activities. It provides oversight for participants’ retirement savings.

Participant Count and Audit Triggers

A 401(k) plan generally requires an annual audit when it has 100 or more participants at the beginning of the plan year. This count includes active employees with account balances, former employees who still hold balances, and beneficiaries receiving benefits.

The participant count is determined on the first day of the plan year. An exception, the “80-120 rule,” provides flexibility for plans around the 100-participant mark. This rule allows a plan with between 80 and 120 participants to file in the same category (small or large plan) as it did in the previous year.

This means a plan with 110 participants might avoid an audit if it filed as small last year. Conversely, a plan with 90 participants might still require an audit if it filed as large last year. Once a plan exceeds 120 participants, it must file as a large plan and undergo an audit. A new 401(k) plan typically avoids an audit in its first year if it has fewer than 100 participants at the start of its second year.

Conditions for Audit Exemption

Several conditions can exempt a plan from the 100-participant audit requirement. Plans with fewer than 100 participants are generally exempt if they meet certain conditions, often called the “small plan audit waiver.” To qualify, plan assets must typically be held by a qualifying institution, like a bank or insurance company, and specific disclosures provided to participants.

Another exemption applies to “one-participant plans,” also known as “owner-only plans.” These plans are not subject to audit, regardless of asset size. A one-participant plan generally covers only the owner and their spouse, or partners and their spouses, with no common law employees.

These exemptions reduce administrative burden for smaller plans, as financial institution oversight and owner involvement mitigate risks. However, plan sponsors must still ensure compliance with all other ERISA and IRS regulations, even if an audit is not required.

Information and Documents for an Audit

A 401(k) audit requires a comprehensive set of documents and financial information. Auditors need access to the plan’s official documents, including the current plan document, any amendments, the adoption agreement, and the trust agreement. An IRS determination letter confirms the plan’s qualified status.

Financial records are central to the audit, encompassing participant contribution reports, investment statements, and records of all distributions and loan activities. Expense records, bank statements, and the general ledger provide a complete financial picture of the plan’s operations.

Participant-specific data is crucial. This includes census data detailing eligibility, entry dates, and compensation for all participants. Beneficiary designations and participant deferral elections are also reviewed.

Auditors examine annual compliance testing results, including non-discrimination testing, top-heavy testing, and Internal Revenue Code Section 415 limits. These tests ensure the plan operates fairly and within regulatory contribution limits. Fiduciary documents, such as the investment policy statement, committee meeting minutes, and contracts with service providers (e.g., TPAs, recordkeepers, custodians), are also reviewed.

The Audit Procedures and Outcomes

Once all necessary information and documents are compiled, the independent auditor begins the 401(k) audit process. The process begins with an engagement letter and planning to define the audit’s scope and timeline. Auditors review the plan’s internal controls, assessing procedures for contributions, distributions, and data management.

The audit involves substantive testing of transactions, examining samples of contributions, distributions, investments, and expenses for accuracy and compliance. Testing participant data and eligibility verifies proper inclusion/exclusion and benefit calculation.

The auditor communicates findings to plan management, addressing discrepancies or concerns. The culmination of the audit is the issuance of an audit report, which includes an opinion on the fairness of the plan’s financial statements. Opinions can be unqualified, qualified, adverse, or a disclaimer. A management letter may also be issued, detailing internal control weaknesses or operational recommendations. The audited financial statements and opinion must be attached to the plan’s annual Form 5500 filing, submitted to the Department of Labor.