Retirement Plan Audit Strategies - New 403b Regulations Plan Document Requirements  

ERISA generally requires audits for plans with 100+ eligible participants at the beginning of a plan year
403b To-Do List
How to prepare for the annual plan audit
Selecting the auditor and what to expect from the audit process

Our employee benefit plan auditing services enables more than just an audit report. EisnerAmper also offers assistance with fiduciary responsibilities, plan qualification and reporting alternatives.


Retirement Plan Audit Strategies Webinar New 403(b) Regulations – Plan Document Requirements

Contact: Diane Wasser

November 11, 2009

Diane M. Wasser, CPA, Partner-In-Charge, Pension Services Group

When An Audit Is Required, Audit Purpose, How To Prepare

When Is An Audit Required? 

  • ERISA generally requires audits for plans with an excess of 100 eligible participants at the beginning of a plan year
  • Watch eligible 
  • Be sure to include those obtaining and maintaining benefits – those who are no longer employed yet have vested balances or benefits to be paid, count!
  • The audit report and financial statements are attached to Form 5500
  • Form 5500 is due seven months after the plan’s year end and can be extended for 2 1/2 months

What Is The Objective Of The Audit? 

  • To express an opinion on whether the plan’s financial statements are presented fairly, in all material respects, and in conformity with U.S. generally accepted accounting principles
  • The auditor is responsible to plan and perform an audit to obtain reasonable assurance that material misstatements are detected
  • Reasonable assurance is high, but not absolute 
  • The audit is conducted in accordance with auditing standards generally accepted in the U.S.
  • Includes:
    • Gathering information to understand the plan and its internal control environment
    • Risk assessment
    • Understanding the design and implementation of internal control
    • Detailed testing of a plan’s accounts and transactions
    • Gathering sufficient audit evidence
    • Documentation

How To Prepare For The Annual Plan Audit 

  • Take control!
  • Prepare a desired timeline
  • Know your responsibilities – the financial statements are those of plan management – only the opinion is the auditor’s
  • Contact service providers early each year to assure they have the necessary information on a timely basis. Be sure they know your expectations
  • If not provided by the auditor, request a list of schedules and documents the auditor will require prior to the start of the process
  • Have a point person
  • Get Finance involved, along with HR and Payroll departments
  • Contact service providers early
  • Review information before it is provided to the auditor, to minimize the back and forth
  • Expect great things!
    • Communication throughout the process
    • Innovative ideas
    • Suggestions on enhancing procedures for efficiency and minimization of risk

Selecting The Auditor 

Firm information

  • Size, location and history of the CPA firm
  • Whether the firm is a member of the AICPA Employee Benefit Plan Audit Quality Center (EBPAQC)
  • Number of employee benefit plan (EBP) clients
  • Number of similar-type plan audits, including the size of each plan (by number of participants and/or amount of total assets)
  • Number of EBP clients gained/lost in the past several years
  • States in which the firm is licensed to practice
  • Firm references (especially from similar-type plans) and specific contact information
  • The firm’s latest peer review report, letter of comments and firm’s response, if any (also available for AICPA EBPAQC members at
  • Whether the firm is subject to current litigation
  • Whether the firm is the subject of any DOL, AICPA, or state society ethics findings or referrals
  • Whether the firm meets the independence standards of the AICPA and DOL
  • The firm’s working paper retention and access policies and requirements
  • If filed with the SEC 11-K, whether firm is registered with PCAOB
  • Whether the firm has insurance coverage (errors & omissions, workers’ compensation, etc.)

What To Expect From The Audit Process 


  • Disruption from your daily routine
  • Engagement agreement outlining fees, scope of audit, and expectations
  • Kick-off meeting
  • Planning - providing plan documents, amendments, service agreements, etc. for review by the auditor
  • Fieldwork – auditors on site to review audit evidence, including payroll information, personnel files, etc.
  • Closing meeting
  • Audit opinion
  • Correspondence with those charged with governance
  • Correspondence regarding internal control recommendations
  • List of schedules and documents required
  • Inquiries regarding plan provisions, daily operation, fraud, risk, etc.
  • Inquiries regarding internal controls
  • Risk assessment
  • Requests for documentation of participant-level information
  • Experience
  • Knowledge of plan terminology
  • Clear line of communication
  • Helpful recommendations!

What The Auditor Expects Of You 

  • Time
  • Responsiveness
  • Good faith efforts
  • Documentation requested in a timely manner
  • Coordination of communication with third-party providers/vendors
    • 403(b)-specific
      • Full analysis of vendors
      • Full analysis of participant population
  • Financial statements
Procedures To Expect From Auditors; Unique Issues For 403(b) Audits 

What Is Audited? 

  • Investments
  • Participant data
    • Opening balance
    • Eligibility
    • Demographic data
    • Contributions by employees and the plan sponsor
    • Distributions
    • Transfers in and out
    • Earnings allocations
    • Fund allocations
    • Vesting
    • Ending balance
  • Timeliness of contributions
  • Prohibited transactions

Investments – Limited-scope or full-scope audit 

  • Limited scope: Assets are held by a bank, insurance company or trust company, and are certified as to completeness and accuracy
    • Custodians certify the information as contained in their ordinary books and records
    • Custodians generally provide values based on best information available
    • Auditor has no responsibility to test investments, investment activity or related transactions
  • Full scope: Audit investments, investment activity and related transactions
    • Confirm existence and ownership, assure no liens, no pledges or other security interests
    • Reasonably conclude investment transactions are recorded, and investments are valued in conformity with GAAP
    • Disclosures are proper
  • Participant data  
  • Auditors are required to perform procedures at the participant level
  • Objectives of auditing procedures for participant data are to provide a reasonable basis to conclude whether:
    • All covered employees have been properly included
    • Accurate participant data for eligible employees was supplied to the third-party administrator
  • Information must be provided for participants regardless of their current employment status
  • Auditors need access to:
    • Payroll data
    • Personnel files
    • Deferral percentages
    • Third-party records detailing participant account balances and fund allocations

Detailed participant records for 403(b) plans - Previously, sponsors of a 403(b) plan had minimal involvement in the plan, as virtually all plan recordkeeping was outsourced

  • The plan sponsors typically withheld participant contributions and remitted them to the appropriate vendor
  • Now that the plans will be audited, it is expected for the plan sponsor to have control over the plan (even if certain functions are outsourced), and the auditors will need to understand these controls.
  • Early consideration of the significant accounting procedures and internal controls could help make the audit more efficient
  • 403(b) plan sponsors will need to ensure records are available, by participant. This could be a significant request, especially if each individual is given his/her own account number, and they are not linked together by sponsoring organization
  • ERISA requires plan administrators to retain records that:
    • Support information included in the reports and disclosures for six years from the date the annual reports are filed; and
    • Are sufficient to determine the benefits due or which may become due


  • DOL regulations provide that participants’ contributions to ERISA plans that are paid to or withheld by an employer become plan assets “as of the earliest date on which they can reasonably be segregated from the employer's general assets”
  • In 1996 amendments to the regulations, the DOL shortened the outside time limit for contributing these amounts to plans [e.g., 401(k) plans, 403(b) plans subject to ERISA] from no later than 90 days after the beginning of the month following the month in which the contributions are withheld to no later than 15 days after the beginning of such month
  • Timeliness of deposits has historically been a frequent DOL audit issue
  • The employer must deposit the employee contributions in a timely manner
  • The law requires that participant contributions be deposited in the plan as soon as it is reasonably possible to segregate them from the company’s assets
  • The “no later than the 15th business day of the month following the payday” rule is difficult to defend and is not a safe harbor
  • If employers can reasonably make the deposits sooner, they need to do so

    First-Year Considerations 

    • DOL requires comparative statements of net assets available for benefits
    • 403(b) plans will need 12/31/08 or 6/30/09 statement of net assets available for benefits (at a minimum) compiled
    • A compilation is less than an audit, and a compilation report will be rendered
    • Must determine that the accounting principles used by the plan in the current and preceding year are consistent
    • Must address the opening balances at the participant level
    • Availability of SAS 70s must be addressed
    • Address completeness and accuracy of participant data and records
      • Address eligibility, types of benefits, participant account balances
    • Opening balances at the participant level
      • Essentially must address multiple prior years’ activity
        • Contributions
        • Distributions
        • Other plan activity
    • Going back in time presents a unique difficulty for 403(b) plans, given the possible recordkeeping shortfalls

    Unique 403(b) Plan Audit Aspects 

    • 403(b) plan unique circumstances pose unique issues when gathering necessary information to prepare financial statements and obtain sufficient supporting documentation
    • Although the audit is for 2009, the 2008 and prior years’ information is needed for the 2009 opening balances
    • 403(b) plans did not historically have strict reporting guidelines forcing documentation at the plan level
    • Historically treated as a collection of individual contracts
    • The final regulations, by default, impose greater fiduciary responsibilities with respect to 403(b) programs covered by ERISA
    • Generally, fiduciary standards include:
      • Acting solely in the interest of participants
      • Following the plan document
      • Paying only reasonable expenses
      • Diversifying investments
      • Carrying out duties prudently (prudence requires expertise and process)

    403(b) To-Do List 

    • Form a committee
    • Appoint a champion of the annual reporting process
    • Prepare a trial balance for each plan
    • It’s critical to employ fiduciary best practices; somewhat lacking in the 403(b) plan area
    • Plan committees
      • Meet regularly
      • Keep written minutes
      • Document fiduciary due diligence
    • Investment policy statements
    • ERISA attorney relationships
    • onitor service providers
    • Employ effective internal controls
    • Gather complete and accurate information from all vendors, for all years
      • Former employees and former vendors
      • Orphan contracts and missing participants
    • Effectuate information sharing agreements
    • Beginning balances require certain audit procedures
    • Carefully document the data collection process. This is essential 
    • Hire necessary service providers (auditors, recordkeeper/Form 5500 preparer, attorneys, investment advisor)
    • Focus on internal controls

    Internal Controls 

    • Establish proper internal controls over the plan’s financial reporting process
    • Establish policies and processes to ensure proper authorization and recordkeeping of plan transactions, including investments, contributions, benefit payments, participant data and administrative expenses
    • This includes controls at all service providers used by the plan, and ongoing monitoring of those controls
    • Effective controls reduce the risk of asset loss and help ensure that plan information is complete and accurate, financial statements are reliable, and laws and regulations are complied with

    Tools Available To Assist 

    • Employee Benefit Plan Audit Quality Center
      • Website:
        • Includes multiple resource centers with information and tools on EBP topics
        • Includes resource centers for plan sponsors, such as 403(b) plan assistance and tools
    • Employee Benefits Security Administration
      Office of the Chief Accountant (202) 693-8360
    • EFAST Help Line (866) 463-3278
    Browse Articles By Topic: Employee Benefit Plan Audit
    EisnerAmper is an independent member of PKF North America.
    PKF North America is an independent member of PKF International.