Does your employee benefit plan auditor really understand what’s at stake when performing your audit? It is more than a governmental requirement. It protects the assets promised to your employees and ensures that plan administration is in full compliance with the US Department of Labor and IRS.
The DOL has spent more than 25 years assessing the quality of employee benefit plan audits and taking aggressive action to improve them. The most recent study showed that only 61% of audits fully complied with professional standards compared to a 1997 baseline study that showed 81% of plan audit compliance. The decline correlates to an increasing amount of plan assets and number of plan participants at risk. This fact increases the chances of personal liability for your organization’s plan administrators and board members.
How is the DOL measuring audit deficiency? There are several areas it deems vital to compliance as defined by Generally Accepted Accounting Principles (GAAP), Generally Accepted Auditing Standards (GAAS) and the ERISA Act of 1974. ERISA was enacted by Congress to fix abuses in the nation’s private pension and welfare benefit plan system. Since then, the Act has been extended to apply to all defined contribution and defined benefit plans such as Simple IRAs and 401(k)/403(b) plans.
Let’s outline a few of these areas, and the questions you should ask your potential audit team about their knowledge or level of accomplishment in these areas.
Level of EBP Specific Continuing Professional Education
The DOL found that audit teams with at least 8 or more hours of continuing professional education specific to employee benefit plan audits in the previous three years had fewer audit deficiencies. CPAs with the fewest deficiencies (and who also performed the most audits) cited an average of 24 or more hours of continuing professional education in the last three years previous to the audit.
Ask your prospective employee benefit plan audit team about the level of CPEs they have achieved in the years leading up to your audit. Also ask them how many EBP audits they perform each year.
Compliance with Plan Documents
Cornwell Jackson audits more than 75 employee benefit plans a year. The number one issue we identify is that daily management of the plan often does not match the original plan documents. For example, definitions of compensation in the plan documents don’t match what is actually reported for employees. Auto enrollment is another area that requires careful management, since employees must be enrolled within a timely manner as soon as they are deemed eligible (unless they choose to opt out). The mere opportunity to enroll must be communicated to employees in a timely manner, too.
The DOL has noted other deficiencies in day-to-day management, including accurate recording of participant data, proper and timely payments of benefits and timely, accurate collection of employee contributions.
Quality independent auditors should be able to discuss the importance of consistency between plan documents and day-to-day management as well as internal controls — and how they test for such weaknesses.
Limited Scope Audits
An increasing number of what are called “limited scope” audits appear to have contributed to a decline in audit quality since 2001. Limited scope audits allow auditors to issue “no opinion” on the plan’s financial statements. However, limited scope audits do not decrease the auditor’s duty to focus on all relevant audit areas. They simply allow auditors to exclude investments held and investment-related transactions and income already certified by qualifying entities (e.g. investment brokerage firms).
Almost 60% of limited-scope audits in the 2015 DOL study “contained major GAAS deficiencies in areas of the audit not related to investments, including contributions, participant data, benefit payments and internal controls.”
When considering a potential auditor for a limited-scope audit, ask about the audit team’s approach to ensure that all relevant audit areas were included in the audit engagement.
Clean Peer Review
Many of the auditors included in the DOL study were also found to show deficiencies in professional standards based on peer review. A qualified peer auditor with particular knowledge of EBP audits can identify these deficiencies. Peer review overall is designed to support high quality audit standards and best practices across all firms. However, the DOL found that many CPAs with deficient or rejected audits also did not have an acceptable peer review. Some of them did not undergo peer review at all.
Ask your potential EBP auditor about their history of peer review and whether they can attest to an acceptable peer review.
If you are concerned about your audit team’s qualifications to perform a quality independent employee benefit plan audit, include these questions and considerations in your RFP process and visit the AICPA EBPAQC to learn more. There is also an EBP audit preparedness checklist available through the AICPA at http://bit.ly/1pWHGIM.
Plan administrators have a greater burden to hire a qualified auditor, given evolving training and certification of auditors and the complexity of the audit itself. It will greatly benefit any plan administrator or trustee to schedule time with a EBP auditor at Cornwell Jackson to understand these changes and pursue additional training if necessary.
Continue Reading: For more information, check out our next blog post about Top Employee Benefit Plan Audit Quality Improvements here.
Mike Rizkal, CPA is a partner in Cornwell Jackson’s Audit and Attest Service Group. In addition to providing advisory services to privately held, middle-market businesses, Mike oversees the firm’s ERISA practice, which includes annual audits of over 75 employee benefit plans. Contact him at mike.rizkal@cornwelljackson.com.
Originally published on June 27, 2016. Updated on April 27, 2018.