Auditors’ View of Plan Management

Auditors share common errors they find when doing retirement plan financial audits and what they recommend for plan sponsor processes.

It might seem like more plan sponsors than usual would file for an extension of Form 5500 filing this year because of the extra work put on them by the effects of the COVID-19 pandemic.

But Bradley J. Bartells, certified public account (CPA) and a partner at MUN CPAs in Sacramento, California, whose firm performs “about 50 large plan audits,” says he’s seen the same number of extensions as in prior years. He notes that some plan sponsors that file for an extension just like to do their filing later, and others do so because it takes them longer to get all their information together.

Jennifer Moore, director of 401(k) audit services at PriceKubecka, says recordkeepers normally file extensions automatically. The majority of her firm’s clients extend their filing.

Moore says it’s been an interesting year with the COVID-19 pandemic. Even this late, her firm is getting many calls from plan sponsors trying to find auditors. “Businesses have been closed for so long, they are trying to get back into the swing of things,” she says. “I think the DOL [Department of Labor] will see a lot of filings coming at the deadline.”

With the extension deadline coming up on October 15, Bartells and Moore shared their concerns and suggestions for plan sponsor processes.

Although it’s called a financial audit, auditors examine many things in retirement plans. Bartells says auditors get items they need from payroll providers, plan custodians and third-party administrators (TPAs) or recordkeepers. However, from plan sponsors, auditors need minutes from the meetings of plan trustees or oversight committees. “A lot of plan managers don’t keep minutes, so there’s no evidence or documentation that they are exercising their fiduciary duties. Even some of our repeat clients are not consistent about it,” Bartells says. “There are so many lawsuits out there against plan sponsors about fees and investments. If they would just document how they benchmark or how they came to decisions, they would probably save a lot of money on defense costs.”

In a LinkedIn post, “401k plan concerns – from the auditor perspective,” Bartells says there are still plans that haven’t even established and formalized an oversight committee. Plans need “to have an oversight committee which regularly meets to review plan activity and perform tasks that will be subsequently discussed. The oversight committee for the plan should include the named fiduciaries of the plan, as well as key members of management who are involved in the day-to-day operations of the plan. I recommend the oversight committee for the plan meet no less than quarterly,” he says in the post.

As for keeping meeting minutes, Bartells’ article says, “From an auditor perspective … if it’s not documented, then it did not happen.”

Common Issues Auditors Find

Asked about common mistakes he sees, Bartells tells PLANSPONSOR that using the wrong definition of compensation when calculating deferrals or employer contributions “is a big one.” According to his LinkedIn post, “This is typically caused due to the definition of compensation in the plan document being all-encompassing, such as ‘all W-2 wages.’ But the plan sponsor then incorrectly excludes certain W-2 wage items, such as bonuses or vacation payouts, from the calculation of employee deferrals or employer matching calculations.”

Bartells recommends that plan sponsors periodically revisit the definition of compensation in their plan document and that the definition of compensation should be very clearly defined.

Moore says she also sees sponsors mistakenly not following the correction definition of compensation, especially in new audits. “A company’s payroll system gets set up first; the 401(k) plan gets set up later,” she says. “Until the plan is set up, it hasn’t had to check whether it is withholding money on the correct definition of compensation. Many are mistakenly excluding bonuses.”

Bartells says continued late remittances of deferrals are also an issue. “Most plan sponsors use a payroll provider, and contributions and loan repayments are regularly remitted,” he says. “The most common situation I see is in physician groups that have different pay codes for different pay cycles. They can lose track of what should have been remitted and send money a few weeks late. Companies with complex payroll cycles need better processes and controls.”

Moore says the timeliness of depositing contributions is also an issue, again, especially in new audits. The DOL provides a seven-business-day safe harbor rule for employee contributions to plans with fewer than 100 participants. But “large plans” that require a financial audit to be filed with their Form 5500 are those with 100 or more participants. “Large plans need to get contributions deposited sooner,” Moore says. “We suggest plan sponsors take care of it when they take care of payroll tax withholding.”

Moore says one problem her firm is seeing more of this year, because there have been more conversions to new recordkeepers, is a lack of documentation about loans. “Plan sponsors rely on recordkeepers to keep documentation for loans, but when they switch service providers, they are losing that documentation, which proves those transactions were taken care of in accordance with participant requests,” she explains.

“Many plan sponsors don’t realize they are ultimately responsible for providing supporting documentation,” Moore adds. “So completely relying on recordkeepers leaves them open for issues with our audit, the DOL or IRS.”

Moore says her biggest worry about plan management is when sponsors blindly rely on recordkeepers. “It worries me when we’re doing initial inquiries with plan sponsors and their answer to everything is, ‘Oh, we don’t do that; the recordkeeper does that,’” she says. “I’d say at least 75% of the time they say the recordkeeper is doing something, it’s not. For example, some plan sponsors think their recordkeeper is sending eligibility notifications to employees, but it’s not. Sometimes they don’t think they have to keep documentation, but they should be.”

Bartells says, on a high level, what worries him about plan sponsor processes is when employers have outsourced most duties so it almost seems like the sponsors don’t take enough interest in or responsibility for the plan. “When I talk to them about what’s going on with their plan during the year, it seems like they don’t have a good feel for it,” he says. “They are ultimately responsible, and the DOL wants them to know what is going on with the plan. Some are completely withdrawn from plan activity.”

Suggestions for Plan Sponsor Processes

As part of plan sponsor processes, Moore says she stresses that clients should “make sure whatever comes out of payroll is getting deposited timely and correctly.” She recommends plan sponsors do a reconciliation at the end of each year.

In addition, “to earn a gold star,” Moore says plan sponsors should know the correct definition of eligible compensation for contributions. “At year-end, make sure contributions have been allocated correctly and look at any special pay that may have occurred—anything unique,” she says.

Other than having a retirement plan committee, Bartells suggests plans have an investment policy statement (IPS) and follow it as part of their processes. He says he would suggest that plan sponsors use an independent financial adviser to give information to the committee and do an unbiased evaluation of investments.

Bartells also says it might make sense for some plan sponsors to do their own sampling or internal audit if they’ve had audit issues in the past or have a complex plan or complex calculations for different groups. Sampling is when a percentage of participant accounts is randomly selected and checked to make sure contributions, loan repayments, distributions, etc. are correctly calculated and posted.

In his LinkedIn post, Bartells says he is “surprised by how many plan sponsors are unaware that SOC-1 reports exist.” He explains to PLANSPONSOR that auditors “rely on these a great deal.” SOC stands for “System and Organization Controls.” Bartells says if he looks at a recordkeeper’s SOC-1 report, for example, and sees it has clean controls in place, he can reduce some of the sampling.

“We find that plan sponsors don’t look at them to make sure service providers have effective controls in place to process transactions, so they don’t know if there are any issues,” Bartells says.