If you’re preparing for a first-time employee benefit audit this year, there’s some preliminary work to be done before the actual audit takes place – preparing documentation, selecting the right auditor and determining expected costs are important steps before your auditors begin the work. But what about when your engaged auditor begins the audit? Having the right mindset and expectations can help you prepare for the process of the audit from start to finish.
What Actually Happens During the Audit
During your benefit plan audit, your selected auditor will examine plan documents, policies and procedures, detailed information on participant accounts and overall compliance with ERISA guidelines. The various participant account information that is tested includes, but is not limited to, contributions, distributions, loans, investment income and investment elections. This audit report is provided to the Department of Labor (DOL) and submitted along with Form 5500. Your auditor will also look for any operational weak spots that can be addressed in order to improve how the benefit plan functions.
In a traditional audit, your auditors will perform fieldwork on site; however, more organizations are looking to remote audits, meaning the auditor can perform the work without being physically present at the auditing site. A remote audit can last about the same amount of time you would expect from a traditional onsite audit and can come with extra flexibility in implementation – for example, you may wish that your auditor be onsite only one or two days a week, while the other days being fully remote. Keep in mind that while a remote audit can be beneficial and potentially cost-saving, it requires well-planned communication, technology and security measures (e.g., encryption of shared files).
The Form 5500
Form 5500 is submitted to the DOL along with the benefit plan auditor’s report, and it is required by ERISA in order to ensure benefit plans are managed correctly. When filing Form 5500, your organization files as having either a “large” or “small” plan. As a general rule, benefit plans with 100 or more participants at the beginning of the plan year are considered “large” while benefit plans with less than 100 participants are considered “small.”
However, there is one exception known as the 80-120 participant rule – if the plan has between 80 and 120 participants at the beginning of the plan year, then the organization (or plan sponsor) is allowed to file Form 5500 in the same way they did the previous plan year. For example, if a plan has 90 participants on the first day of its plan year, and it filed as a small plan the year before, it may do so again. The 80-120 participant rule can apply multiple times until the plan exceeds 120 eligible participants, at which point it would be considered a large plan. Once a plan has been filed on Form 5500 as large, it may not file as a small plan again unless the participant number falls below 100.
DOL and Cybersecurity
Due to the increasing risk of cyberattacks, the DOL may now inquire how the plan sponsor is complying with certain cybersecurity standards and frameworks for benefit plans. This means that you must demonstrate how your benefit plan cybersecurity policies and procedures are protecting any assets and data from a potential attack. By remaining in compliance with the DOL’s cybersecurity guidance, you can reduce the chances of a cybersecurity audit from the DOL. You can read more about DOL cybersecurity audits in our most recent article, or speak to your Windham Brannon advisor about conducting a cybersecurity risk assessment.
Communication is Key
Be prepared for frequent two-way communication between you and your auditor during the plan audit. Request a planning meeting prior to the audit to discuss deadlines, the timing of audit testing, preferred communication methods and any relevant changes to the plan that could impact the audit.
As a plan sponsor, SAS 136 requires that you provide acknowledgments to your auditor before the audit begins, stating that you are responsible for certain actions, including that you meet any ERISA requirements, maintain and provide the auditor a current plan document, properly prepare your financial statements and provide a completed draft Form 5500 to your auditor for review.[1]
During the audit, you may receive numerous requests and questions from your auditor, which can be overwhelming for a first-time audit. However, remember that you can ask why an auditor needs certain information – this gives them the chance to explain why the audit is being performed a certain way and help you gain a better understanding of the process.
Final Deliverable
At the conclusion of your benefit plan audit, your auditor will prepare a report of their findings and submit the report to the DOL along with the prepared Form 5500 for your plan. The report includes any opinions regarding the plan’s financial statements, any schedules that are included in the plan’s annual report filing as well as any identified errors or weaknesses of internal controls. The auditor may make recommendations within the report to improve or correct these areas.
Windham Brannon understands benefit plan audit performance is an important piece of your compliance with ERISA and the DOL, especially for a first-time audit. For more information about how we can help with your benefit plan audit needs, reach out to your Windham Brannon advisor or contact Anne Morris.
[1] You can read more about SAS 136 requirements for benefit plan sponsors in our related blog post, “Horizon for Plan Sponsors and Auditors of Employee Benefit Plans.”