Employee Benefit Plan Audit - ERISA Requirement Frequently Asked Questions

PRIMARY CONTACT: Patricia Giudici, CPA

Employee benefit plan audits are required for a majority of plans that are covered by the Employee Retirement Income Security Act of 1974 (ERISA). With increased scrutiny on employee benefit plan audits, the Schneider Downs ERISA group has prepared a listing of Frequently Asked Questions to help parties better understand the requirements and types of benefit plan audits, including the required filings, characteristics to look for in an audit firm, and advice on preparation for an audit.

What is ERISA?

The Employee Retirement Income Security Act of 1974, or ERISA, protects the assets of employees so that funds placed in retirement plans during their working lives will be available when they retire. ERISA is a federal law that establishes certain standards for retirement plans in the private industry.  For example, ERISA specifies (1) minimum standards for employee eligibility, vesting and funding, (2) fiduciary responsibilities and standards, (3) reporting and disclosure requirements, and (4) enforcement responsibilities.  Additionally, certain parts of ERISA are coordinated with applicable tax-related provisions of the Internal Revenue Code.

What types of benefit plans are subject to ERISA?

In general, ERISA applies to the following types of benefit plans:
  • Pension plans sponsored by non-governmental organizations. Pension plans include both defined benefit and defined contribution plans. Examples of defined contribution plans include, but are not limited to, profit-sharing plans, 401(k) plans, employee stock ownership plans (ESOPs), and 403(b) plan arrangements.
  • Welfare benefit plans (insured or otherwise), providing health insurance, group life insurance, long-term disability income, severance pay, vacation benefits, training programs, daycare centers, scholarship funds, and prepaid legal services
  • Health Reimbursement Accounts (HRAs)
  • Flexible Spending Accounts (FSAs)

What type of retirement plan should I provide to my employees?

The type of plan that an organization provides depends on a number of factors, including the size of the organization, the employer’s commitment to providing benefits, the organization’s goals and objectives, the costs of maintaining the plan, etc. Employers should work closely with knowledgeable retirement plan advisors to identify the specific retirement plan program that is appropriate for their organization and employees.

What reporting and disclosure requirements are associated with a plan subject to ERISA?

There are a number of different federal reporting and employee disclosure requirements associated with maintaining a benefit plan that is subject to ERISA.  While many of these requirements are consistent across all types of ERISA plans (Form 5500 reporting, for example), others depend upon a plan’s specific provisions and features. To assist plan sponsors with identifying their reporting and disclosure responsibilities, the Department of Labor has published a Reporting and Disclosure Guide for Employee Benefit Plans, which can be found at http://www.dol.gov/sites/default/files/ebsa/about-ebsa/our-activities/resource-center/publications/reporting-and-disclosure-guide-for-employee-benefit-plans.pdf

How much can be contributed to a retirement plan?

Qualified plan contributions are subject to various limitations under the Internal Revenue Code.  These limitations are updated annually by the IRS.  The following chart provides a comprehensive listing of the current contribution limits:

What are the current various IRS limitations on benefits and compensation?

| IRS Limits | 2021 | 2022 |
| --- | --- | --- |
| Compensation limit | $290,000 | $305,000 |
| 401(k) deferral limit | $19,500 | $20,500 |
| 401(k) catch-up limit | $6,500 | $6,500 |
| Defined contribution individual limit* | $58,000 | $61,000 |
| IRA contribution limit (49 and under) | $6,000 | $6,000 |
| IRA contribution limit (50 and above) | $7,000 | $7,000 |

*Excludes catch-up limits

Who is a fiduciary and what are the general responsibilities of a fiduciary?

A fiduciary is any individual who has discretionary control or authority over plan management or assets, has responsibility for plan administration, or provides investment advice (or has the authority to) for compensation. Fiduciaries include, but are not limited to, plan trustees, plan administrators and members of the plan’s investment committee. Fiduciaries have important responsibilities and are subject to standards of conduct because they act on behalf of participants in a retirement plan and their beneficiaries. These responsibilities include acting solely in the interest of plan participants and their beneficiaries and with the exclusive purpose of providing benefits to them; carrying out their duties prudently; following the plan documents (unless inconsistent with ERISA); diversifying plan investments; and paying only reasonable plan expenses. The duty to act prudently is one of a fiduciary’s central responsibilities under ERISA and requires expertise in a variety of areas, such as investments. While many fiduciaries hire professionals to assist with carrying out these responsibilities, it is important to note that they retain a fiduciary responsibility to monitor the chosen service providers.

Who is required to file a Form 5500?

Form 5500 must be completed by the sponsor of any plan subject to ERISA.

When is the deadline for completing the audit of an employee benefit plan and filing Form 5500?

The Form 5500 (and accompanying audit report, if required) is due seven months after the last day of the plan year (July 31 for calendar year-end plans), and can be extended for an additional 2½ months, to October 15 for calendar year-end plans.

Are there employee benefit plans that are not subject to Title I of the Employee Retirement Income Security Act (ERISA) and therefore don’t have an annual reporting obligation?

Yes. Governmental plans and church plans are exempt from Title I of ERISA, as are certain types of 403(b) plans that qualify under the safe harbor rules. You should consult with ERISA counsel if you believe your plan may be exempt from the reporting obligations of Title I. Failure to comply with these regulations could result in significant penalties being assessed to your plan.

When is an audit of an employee benefit plan required?

Generally, employee benefit plans with 100 or more participants (including employees who are eligible but not participating, as well as separated employees with account balances) are considered to be “large” plans and are required to have an audit performed on an annual basis. Plans with fewer than 100 participants (“small” plans) generally do not require an audit to be performed.

Are there any exceptions to these general rules?

Yes, an exception to these general rules does exist. The “80-120 rule,” as it is called, may permit a plan with more than 100 participants to be treated as a “small” plan. In instances where a plan existed in the previous year, was treated as a small plan for that year and has no more than 120 participants (as of the beginning of the plan year), it may continue to file as a small plan, and no audit will be required. There is no limit to the number of years this rule may be applied. This means a plan may have up to 120 participants for many years without having an audit requirement. However, if a new plan (no previous Form 5500 filing) has 100 or more participants (as of the beginning of the plan year), it must file as a “large” plan, and therefore would require an audit.

What are the audit requirements for a welfare benefit plan?

Medical, dental, short- and long-term disability and other types of welfare benefit plans only require an audit if funded. Often, benefits from these plans are paid out of the general assets of the employer/plan sponsor, or through insurance rather than a trust. If the plan uses a trust, it will be considered a funded plan, and an audit will be required if there are 100 or more participants.

What are the audit requirements for short plan years?

If the plan year is seven months or less, the audit for the short plan year may be deferred until the following plan year. The plan audit for the short plan year still needs to be performed; however, the audit report is filed with the following year’s Form 5500. Filing of the short plan year’s Form 5500 is not deferred. If the election to defer the audit is made and the plan participant count falls under 100 for the subsequent plan year, the plan must still meet the large plan filing requirements in that subsequent year.

What is an ERISA Section 103(a)(3)(C) audit?

An ERISA Section 103(a)(3)(C) audit permits the plan administrator the option of not having investment information (at the plan level only) tested during the audit. In order to permit a limited scope audit, the investment information must be certified by the trustee or custodian as ‘complete and accurate.’ Certifications of completeness or accuracy, but not both, do not qualify for an ERISA Section 103(a)(3)(C) audit. Additionally, the certification cannot be from a broker/dealer. The certification must be from a qualified institution. Under Department of Labor (DOL) regulations, a qualified institution is one that is regulated and subject to periodic examination by a state or federal agency, such as a bank, trust company, or similar institution, including an insurance company. The ERISA Section 103(a)(3)(C) audit exception applies only to investments; it does not apply to any other audit areas (i.e., participant data, contributions, distributions, etc.).

Do all plans qualify to have a limited scope audit?

No. 11-K audits (audits of a public company’s employee benefit plan that contains plan sponsor stock), master trust arrangements with certification only at the master level, church and governmental plans and assets held outside of a trust are not eligible for ERISA Section 103(a)(3)(C) audits. Additionally, plans whereby the assets are not held by a qualified institution do not qualify for an ERISA Section 103(a)(3)(C) audit.

What types of items do plan auditors ask for?

The area of most focus in a plan audit should be on participant-related transactions and activity. This includes payroll information, deferral percentages, demographic information, distribution paperwork, claims paid (for health & welfare plans), and, most importantly, the plan document provisions. Without the plan document, an audit should not be started. Just as important as participant data is the plan’s investments. As noted above, the level of audit procedures for investments differs between an ERISA Section 103(a)(3)(C) audit and a full scope audit. However, no matter what the scope, a plan’s financial statements must contain all disclosures required by the financial reporting framework (generally accepted accounting principles).

What are the five most common tips for a successful employee benefit plan audit?

  1. Prepare and be proactive: Ensure that the timing of the audit is agreed upon with the audit team and ensure the audit team has provided the client assistance listing in advance of fieldwork.
  2. Suggest alternatives: If there are difficulties in fulfilling an audit request, talk to your audit team. There may be alternative reports your auditor can use to accomplish the required test.
  3. Communicate: Request regular status meetings with your audit team to discuss open items, testing exceptions, and more.
  4. Set realistic timelines: The timeline should be agreed upon by both the plan sponsor and the audit team in advance. If the plan is going through an audit for the first time, make sure to build additional time into the schedule.
  5. Ask questions: Audit teams welcome the opportunity to answer questions. The audit process should be an interactive process.

What is the American Institute of CPAs Employee Benefit Plan Audit Quality Center (EBPAQC)?

The EBPAQC is a voluntary membership organization for firms performing ERISA employee benefit plan audits and was established to promote the quality of employee benefit plan audits.  The EBPAQC provides members with timely communication of regulatory updates, best practices guidance, technical updates and member to member discussion forums to discuss these matters.

What are the membership requirements of the American Institute of CPAs EBPAQC?

Membership requirements include designating an audit partner to have firm-wide responsibility for the quality of the firm’s ERISA employee benefit plan audit practice; establishing a program to ensure that all ERISA employee benefit plan audit engagement personnel possess current knowledge, appropriate for their level of involvement in the engagement; establishing annual internal inspection procedures that include a review of the firm’s ERISA employee benefit plan audit practice; and establishing policies and procedures specific to the firm’s ERISA employee benefit plan audit practice to comply with the applicable professional standards and EBPAQC member requirements.

Why should I look for an audit firm that is a member of the EBPAQC?

Studies by the DOL of employee benefit plan audits show a much smaller deficiency rate in firms that belong to the EBPAQC than those that do not.  Given the fiduciary responsibility of the plan sponsor to have a quality audit performed, this becomes a very significant factor to consider.

What is an ERISA Fidelity Bond?

An ERISA fidelity bond is a required type of insurance that protects the plan against losses caused by fraud or dishonesty.  It is different from fiduciary liability insurance (which is not required but encouraged), which insures fiduciaries against losses caused by breaches of fiduciary responsibilities.

About Schneider Downs ERISA

The Schneider Downs ERISA audit practice consists of a service model that is not limited to attest services but includes providing support and oversight to clients, year-round access to experts, annual education seminars for clients that include both regulatory and accounting updates, and more.  For more information, visit our dedicated Audit and Assurance Services for Employee Benefit Plans page or contact us at [email protected].
