Did your company’s 401(k) plan have 120 or more participants at the start of the plan year? If so, you’ve hit the federally-mandated minimum to have an audit. A 401(k) audit will thoroughly examine the accuracy of your company’s 401(k) plan management, administration, and regulatory compliance from the previous year.
Every 401(k) audit seeks to identify whether your company is operating its 401(k) plan appropriately and within a legally required framework as dictated by the Employee Retirement Income Security Act (ERISA). However, what that process looks like at a granular level may vary depending on which CPA firm you hire to do the audit, and in particular, whether your auditor uses a virtual auditing method or a more traditional on-site audit.
Traditional 401(k) Audit vs. Distributed Virtual 401(k) Audit
Some auditing firms prefer the more traditional route of coming to your company’s physical location for every major step in the process, including the initial planning phase, document reviews and requests, sampling, and closing procedures. This “in-your-hair” method can result in weeks of having an auditor setting up shop in your break room, conference room, custodial closet, or wherever you have available space. Much of the time investment for a 401(k) audit depends on the number of participants in your 401(k) plan, how many documents can be used by the auditor from the previous audit to help them understand how your Plan works, what your document retention policy is and if you have followed it, and how much your 401(k) plan and its management has changed in the previous year, among other factors.
A physical audit for planning and reviewing the pile of documents required out of a 401(k) audit requires the auditor to travel to your location and use up space in your office. They may need several days in your facility to complete the audit and Plan management will need to make themselves available during that time to answer questions and obtain additional needed documentation.
Alternatively, some audit firms prefer to use a fully modern, distributed virtual auditing process. With virtual auditing, your company can engage in the auditing process at your own speed and without having to dedicate extra resources and physical space to the auditing company. Virtual auditing also allows for a distributed approach that makes it easy to spread the tasks across multiple stakeholders using the established virtual platforms. During a virtual audit, the auditors employ various digital tools that eliminate the necessity of physical travel and meetings. Virtual auditing tools include video conference software like Zoom and secure web-based documenting apps like Smartsheet. These digital options help reduce the burden on both the auditors and their clients, allowing clients to more efficiently self-pace through the auditing process.
Step 1: The Engagement Letter
Despite the name, there are no diamond rings involved here. Whether the auditor is operating via a traditional or virtual audit, the process begins with the auditor issuing an engagement letter. The engagement letter is a fairly standard agreement between the auditor and the client that helps set the limitations and expectations involved in the 401(k) audit.
Within the engagement letter, you can expect the auditor to:
- Identify the year and time period of documents to be audited
- Establish responsibilities and limitations of both the auditor and the client
- Identify the legal requirements and limitations of both the auditor and the client
- Provide an outline of the auditing procedures
- Provide estimated auditing fees
The engagement letter precedes any formal planning sessions. You can expect the auditor to put together and send the engagement letter prior to the first planning meeting.
Step 2: The Planning Process
After the Engagement Letter has been signed by all parties, you and the auditor will have one or more planning meetings to help establish which documentation is required for the audit. During the planning process, you can expect the auditor to inquire about multiple factors related to your company’s 401(k) plan management, including:
- More about the Plan’s history
- Your payroll structure
- Identification of all parties involved in plan and payroll administration
- Other necessary components that help the auditor better understand how your 401(k) is operated
With a traditional audit, this part and almost every part of the process will happen in your office. With a virtual audit, video conferencing tools will be used to meet virtually with key stakeholders.
Step 3: The Document Request
One of the longest parts of the 401(k)-auditing process is the document request. The document request requires you to locate and deliver the various types of documents directly and sometimes indirectly related to your 401(k) management. Depending on the organizational structure of your 401(k) plan and audit history, preparing and sending the requested documents could take days or weeks. Reviewing the documents may take days or weeks, as well, especially if the plan is large or involves complex transactions. During the document request process, the auditor will send what’s known as a Provided by Client (PBC) list. These are the type of documents you need to deliver that the auditor is required to review.
The list of documents you must provide during the 401(k)-auditing process includes, but is not limited to:
- Copy of Form 5500 from the previous year and current year
- Executed plan documents (including amendments)
- Current year census
- List of parties-in-interest
- Participant statements
- SOC reports
- Plan sponsor trust reports and other related detail schedules
- Discrimination testing
Check here for the complete list of documents required for a 401(k) audit.
With a virtual audit, the document request and sending process can occur more seamlessly using web-based tools like Smartsheet. With Smartsheet, your administrators responsible for preparing and delivering the requested documents can load these documents into the Smartsheet system from anywhere, and at any time. Auditors will be alerted automatically when new documents are loaded into the system, which reduces the necessity for scheduled meetings related to documents.
You’ll find this process includes a preliminary request list for primary documents. Follow-up document requests will follow, based on what the auditor needs in order to continue examining your 401(k) Plan transactions. If you have been audited previously, you may find this process to be a bit simpler as you may have many documents the auditor needs. Businesses entering into the auditing process for the first time, or that have gone through major restructuring in the previous year, may find this process takes much more time.
Step 4: The Testing Process
Following the initial document request, the auditor will begin to conduct the required audit testing. During the testing phase of the audit, you may be asked to provide additional documentation. The auditor may also request additional details about specific items you’ve provided. Auditors will review everything related to 401(k) administration, such as ensuring checks are sent to the correct individuals, proper account and payment segregation, and correct dollar amounts.
The auditor will also examine participant-level samples—such as payroll and W-2 information—to help verify the accuracy of the information that is input into the 401(k) administration. The sample size of your participant-level review will vary based on the total size and complexity of the 401(k) plan. You can more easily streamline the testing process by having dedicated documentation retention policies in place throughout the year, especially for documents related to your 401(k) plan. Effective plan monitoring and record-keeping can help avoid surprises during the auditing process. Importantly, the auditor won’t know what documents you do or don’t possess. This is the purpose of the document request. Allow the audit process to be more of a conversation. For example, if the auditor is asking for participant 401(k) loan information and your plan doesn't have loans, don't struggle over what to send and risk slowing the process by sending incorrect items. Instead, ask why the auditor needs that information and offer more clarification on what type of documents you possess.
Step 5: Closing Procedures
The auditor won’t leave you in the dark once the audit is complete. In fact, at the end of the audit, you’ll receive the required audited financial statements that are required for filing with IRS Form 5500. The auditor will also have a closing meeting with your plan administrators and other stakeholders to review any issues (if any) that were uncovered during the audit.
Once this process is done, so is the audit. You can relax and perhaps take a long and well-deserved vacation.
At Summit CPA, we understand that plan administration can be a huge burden to companies especially with all the complexities added due to the pandemic. However, don’t let your guard down regarding your 401(k) plan. It is an important responsibility of the plan fiduciaries to ensure compliance at all times. A review of current compliance and administration now will help make the start of 2021 a little less stressful. For more information on how we can help, contact our office at (866) 497-9761.