Know What to Expect in Your 403(b) Plan Financial Audit

(PLANSPONSOR (b)lines) - Many sponsors of ERISA-covered, large 403(b) retirement plans will face significant challenges in complying with the new Department of Labor (DoL) requirement to file an annual financial statement audit with their Form 5500– Annual Return/Report of Employee Benefit Plan.

Since many plans will be audited for the first time (the audit requirement begins with plan years beginning on or after January 1, 2009), many of the questions the auditor will ask deal with the plan’s history and current status — such as when was the plan established; whether the plan has been amended; which vendors does the plan currently utilize for plan investments; which vendors have been used in the past; and the plan’s governance and established responsibility for financial reporting.

The critical questions from the auditor will be with regard to the availability, completeness and accuracy of the plan’s records.  These records – both current and historical – will need to include participant information; investment information; information regarding distributions from the plan; and, if permitted by the plan, information about any loans and/or hardship distributions to participants. (Note: In addition to the 2009 plan year, information will also need to be collected and reported for the previous year-end (e.g.: December 31, 2008 for a calendar year-end) in accordance with DoL regulations.)  If the plan has utilized more than one vendor for the plan’s investments, the plan will need to collect and compile all the plan data from the various sources. The plan may use a vendor to aggregate this information but generally cannot use the independent auditor to do this.

As a plan fiduciary, the sponsor (or its internal designee) has the ultimate responsibility to collect and maintain the records necessary to allow for proper plan administration and to facilitate the audit of those records.

The plan auditor will also ask about the plan’s (and/or the sponsor organization’s) internal control policies and processes related to plan accounting and reporting.  Internal controls are the “checks and balances” within both the organization and its service providers that should be in place to ensure that the plan’s transactions are implemented and documented correctly and that any error or fraud could be prevented and/or detected. The plan’s internal controls should ensure proper authorization and recordkeeping of plan transactions, including investments, contributions, benefit payments, participant data, and administrative expenses.

For outside service providers, the sponsor will be asked to obtain a “SAS 70 Report,” if available, which is prepared by the auditor of the service organization (e.g.: payroll processing, investment and/or recordkeeping services, third party administrators, etc.)  A SAS 70 Report enables the plan’s auditor to gain an understanding of the service provider’s internal processes and procedures and whether its internal controls are in place and functioning as intended.  In addition, the SAS 70 Report will also specify certain “user controls” – that is, the controls that the service provider expects the plan sponsor to have in place in order to ensure that the overall process functions properly.  For example, the service provider may provide periodic reports to the plan sponsor that it expects will be reviewed and corrected, if necessary, by the plan sponsor.

Questions about the Plan

Generally, the auditor will ask for copies of the current plan document and amendments – signed and dated; a copy of all relevant contracts and service provider agreements (including, if applicable, insurance contracts, custodial agreements, payroll records, etc.); documentation regarding any significant changes to the plan (mergers, spinoffs, termination, etc.); and/or significant changes to the plan sponsor organization that could have an impact on the plan.  Questions will be asked regarding the sponsoring organization’s as well as the plan’s oversight.

Those questions may include: what is the “tone at the top” and how do “those charged with governance” view their fiduciary responsibilities including compliance with the reporting and disclosure rules for the plan; what steps are in place for the prevention/detection of fraud; have there been changes in governance; who will be responsible for preparing for the audit and providing the necessary information; and who will be in a position to assist with and oversee the audit process?

In addition, the auditor will make inquiries about any contact from any governmental organizations (e.g.: DoL, IRS, etc) or with regard to any complaints from participants or actual or threatened litigation, the potential for fraud, and any dealings with related parties and/or parties-in-interest or non-exempt (prohibited) transactions (e.g. late remittance of employee deferral contributions, self-dealing, etc.). The auditor will also want to know who has prepared the Form 5500 in the past and who will be responsible to prepare the current year’s return – and their ability to do so – (Note: The Form 5500 will need to be completed in its entirety under the new DoL rules.)

This article highlights many of the general questions a plan's auditor may ask, but the auditor will also need to ask other questions specific to the plan.  The audit experience will go smoother if there is a frequent and open dialogue between the plan sponsor and the auditor.

The AICPA Employee Benefit Plan Audit Quality Center (EBPAQC) has created an online 403(b) Plan Resource Center (accessible at: that has several free tools to assist 403(b) plan sponsors and auditors with their financial audits. These tools include a summary of the new filing and audit requirements, steps plan sponsors can take to help their plan meet these new requirements, and examples of the types of questions that plan sponsors may be asked by the plan’s independent auditor.

Robert A Lavenberg, Partner, BDO Seidman, LLP

Ian MacKay, Director- AICPA Employee Benefit Plan Audit Quality Center


The American Institute of CPAs established the Employee Benefit Plan Audit Quality Center as a voluntary membership center for CPA firms that audit employee benefit plans. Members are committed to performing quality audits of employee benefit plans and adhere to membership requirements.


NOTE: This article is for informational purposes only and should not be used as legal or tax advice.