Surviving Your Outside CPA's Annual Employee Benefit Plan Audits

deangelo_kristie_new wasser_diane_newWhat’s the Objective of the Audit? 

  • Annual audit is required by ERISA/plans subject to Title 1 of ERISA.
  • To express an opinion on whether the plan’s financial statements are presented fairly, in all material respects, and in conformity with U.S. generally accepted accounting principles.
  • The auditor is responsible to plan and perform the audit to obtain reasonable assurance that material misstatements are detected.
  • Reasonable assurance is high, but not absolute. 
  • The audit is conducted in accordance with auditing standards generally accepted in the US (in addition to standards of the PCAOB for 11-K filings).
  • Generally accepted auditing standards require, among other things:
    • Proper planning and risk assessment
    • Understanding the design and implementation of internal control  
    • Gathering of sufficient evidence  
    • Documentation of findings    

When is an Audit Required? 

  • ERISA generally requires audits for plans with an excess of 100 eligible participants at the beginning of a plan year.
  • Watch eligible in a 401(k) plan.
  • Be sure to include those obtaining and maintaining benefits – those who are no longer employed yet have vested balances or benefits to be paid, count!
  • In addition to the Department of Labor’s audit requirement, the Securities and Exchange Commission requires filing of audited financial statements for plans allowing participants to voluntarily defer their own funds for the purchase of employer stock.
  • Such plans are deemed to be issuers.
  • The plan financial statements are filed with a Form 11-K.
  • The filing must be in accordance with PCAOB standards.
  • The auditor issues 2 audit reports.
  • Transition issues with predecessor auditor.

How to Prepare for the Annual Plan Audit 

  • Take control!
  • Know your responsibilities – the financial statements are those of plan management – only the opinion is the auditor’s.
  • Contact service providers early each year to assure they have the necessary information on a timely basis.
  • If not provided by the auditor, request a list of schedules and documents the auditor will require prior to the start of the process.
  • Have a point person.
  • Get finance involved if typically HR has been the auditor’s main contact.
  • Review information before it is provided to the auditor to minimize the back and forth.
  • Expect great things!
    • Communication throughout the process.
    • Innovative ideas.
    • Suggestions on enhancing procedures for efficiency and minimization of risk.

What Exactly is Audited? 

  • Think in terms of the financial statement line items.
  • Statement of Net Assets Available for Benefits:
    • Investments
    • Participant loans
    • Receivables (accrual basis)
      • Participant contributions
      • Employer contributions
      • Income
    • Liabilities (not for benefits)
      • Accrued expenses
  • Statement of Changes in Net Assets Available for Benefits:
    • Contributions (received and receivable)
      • Timeliness of deferrals
    • Rollovers
    • Gains and losses/appreciation and depreciation on investments
    • Investment income
      • Interest and dividends
    • Distributions
    • Administrative expenses
    • Transfers/plan mergers
  • The focus of the audit is on the material account balances and major transaction classes from which the statements are derived.
  • Participant activity is a major transaction class
    • Opening balance, eligibility, demographics, contributions, vesting, distributions, transfers, rollovers, fund allocations, earnings allocations, ending balance.
  • Focus on investments is driven by the audit scope.
  • Investments –Limited Scope or Full Scope Audit
    • Limited Scope –assets are held by a bank, insurance company or trust company, and are certified as to completeness and accuracy.
      • Custodians certify the information as contained in their ordinary books and records.
      • Custodians generally provide values based on best information available .
        • Watch “as of” dates for old information.
        • Watch fair value.
      • Auditor has no responsibility to test investments, investment activity and related transactions.
  • Full scope -Audit investments, investment activity and related transactions.
    • Confirm existence and ownership, assure no liens, no pledges or other security interests.
    • Reasonably conclude investment transactions are recorded and investments are valued in conformity with GAAP.
    • Disclosures are proper.

Valuation of Investments and FASB 157 

  • Each plan will be impacted by FASB 157 for the calendar 12/31/08 year end, primarily in footnote disclosures.
  • FASB 157:
    • establishes a framework for measuring fair value under GAAP
    • Clarifies the definition of fair value within that framework
    • Expands disclosures on fair value measurements
  • Fair Value definition:
    • “The price received to sell an asset or transfer a liability in an orderly transaction between market participants at the measurement date”.
  • The FASB discusses valuation techniques and inputs to those valuation techniques and includes a hierarchy for measurement at fair value.
  • The hierarchy is based on observable and unobservable inputs to valuation and the levels in the hierarchy are determined by where and how the pricing of investments is derived.
  • Level 1, 2 and 3 will be a discussion point with service providers and ultimately auditors.
  • Watch for alternative investments and participant loans.
  • Limited scope audit is still available.
  • PLAN MANAGEMENT IS HELD RESPONSIBLE FOR INVESTMENT VALUATIONS AND FINANCIAL STATEMENT DISCLOSURES —Even where there are outside investment custodians, asset or fund managers, or other service providers to assist in determining the value of investments on a plan’s financial statements and Form 5500, the DOL holds plan management responsible for the proper reporting of plan investments. This responsibility cannot be outsourced or assigned to a party other than plan management.

Investment Valuation 

  • While management may look to a valuation service provider for the mechanics of the valuation, management should have sufficient information to evaluate and independently challenge the valuation. Therefore, it is important that plan management is familiar with the plan assets in which a plan invests and the methods and significant assumptions used to value them, especially for investments in securities or other assets for which readily determinable fair market values do not exist.

Investment Valuation Controls 

  • Controls to employ:
    • Investment transactions are recorded at the appropriate amounts and in the appropriate periods on a timely basis.
    • Investment assets are protected from loss or misappropriation.
    • Investments are measured at fair value (or contract value as appropriate).
    • Investment criteria and objectives are authorized and executed in accordance with formal authorizations.

Investment Valuation 

  • A plan auditor may provide advice, research materials and recommendations to assist in making decisions about the accuracy of investment valuations and the adequacy of the related disclosures, and in establishing internal controls surrounding plan management’s investment valuations and can also help with the financial statement preparation.
  • Independence.

What does a SAS 70 mean to a Plan Sponsor? 

  • It is important to keep in mind that auditors, under professional standards, cannot be a part of a plan’s internal control. 
  • Controls of a benefit plan are comprised of controls at the plan sponsor as well as at service organizations.
  • SAS 70’s are reports on the design of internal controls (Type I) and operating effectiveness (Type II) at a service provider.
  • Outlines what user controls are required.
  • Not only useful for the Auditor!
  • Review by Plan Management at least annually as part of the third party service provider monitoring effort is good practice.

How TPA’s Can Help 

  • Share PBC listing with the TPA
  • Audit Package
  • SAS 70
  • Documentation of participant transactions
  • Form 5500
  • Testing results

What Should the TPA Provide? 

  • Organized audit package
  • Detailed listing of participant balances
  • 157 information
  • Draft Form 5500 and all related schedules
  • Compliance and discrimination testing
  • Allocation of employer contributions
  • Loan roll-forward report/delinquent loan reports
  • Distribution report
  • Transaction information
  • SAS 70 report, if available
  • Timely response to inquiries resulting from the annual audit

Auditor Communications 

  • Generally written communications include:
    • A written understanding between the auditor and the client –engagement letter (required by SAS 108).
    • Representation letter
    • Internal control communications
  • Internal control communications are outlined in SAS 112, now superseded by SAS 115.
  • SAS 112 required auditors to communicate, in writing, to management and those charged with governance, significant deficiencies and material weaknesses identified in an audit.
  • SAS 115 essentially was issued to eliminate differences with the PCAOB definitions.
    • Revises the definitions of material weakness and significant deficiency.

How to Select an Auditor and Manage the RFP Process 

  • The DOL has developed guidance to assist plan administrators in selecting an auditor and reviewing the audit report.
  • This guidance discusses why the choice of an auditor is important; plan auditor qualifications; the importance of experience in auditing employee benefit plans.
  • Recommends requesting references and checking licenses.
  • Discusses the importance of the audit engagement letter, audit scope, what happens when the audit is complete.
  • Suggests questions the plan administrator should ask the auditor about his/her work.
  • The AICPA Employee Benefit Plan Audit Quality Center (EBPAQC) has prepared a document titled “Obtaining Quality Employee Benefit Plan Audit Services: The Request for Proposal and Auditor Evaluation Process” to assist plan sponsors and other stakeholders in the proposal and evaluation process to obtain quality audit services for employee benefit plans.
    • Addresses each step of the proposal process.
    • Contains a checklist of items that should be considered in preparing the RFP.
    • Discusses the proposal evaluation and auditor selection process.
    • Provides information about how to find an auditor.

Selecting the Auditor 

  • The EBPAQC suggests getting the following firm information:
    • Size, location, and history of the CPA firm.
    • Whether the firm is a member of the AICPA Employee Benefit Plan Audit Quality Center (EBPAQC).
    • Number of employee benefit plan (EBP) clients.
    • Number of similar type plan audits, including the size of each plan (by number of participants and/or amount of total assets).
    • Number of EBP clients gained/lost in the past several years.
  • States in which the firm is licensed to practice.
  • Firm references-especially from similar type plans-and specific contact information.
  • The firm’s latest Peer Review Report, Letter of Comments, and firm’s response (if any).
  • Whether the firm is subject to current litigation.
  • Whether the firm is the subject of any DOL, AICPA, or State Society Ethics findings or referrals.
  • Whether the firm meets the independence standards of the AICPA and DOL.
  • The firms’ working paper retention and access policies and requirements.
  • If filing with the SEC 11-K, whether firm is registered with PCAOB.
  • Whether the firm has insurance coverage (errors & omissions, workers’ compensation, etc.).

Tools Available to Assist 

Have Questions or Comments?

If you have any questions about this media item, we'd like to hear your opinion. Please share your thoughts with us.

Contact EisnerAmper

* Required