The ABCs of EBPs – Don’t underestimate the power, importance of Employee Benefit Plan (EBP) Audits

Around this time every year, organizations are (rushing?) to meet the extension deadline to complete their employee benefit plan audits. Savvy owners know the importance of employee benefit packages when it comes to attraction and retention. But plan audits aren’t exactly everyday parlance. As the mercury dips, warm up to these specialized reviews as an opportunity to improve your operations, not as a source of stress that could potentially cost you money and your reputation as an employer and brand.


Employee Benefit Plan Audits, an introduction


Audits are viewed by many employers as a necessary evil. The term also has a dreaded connotation around tax time; however, as with other types of audits, the EBP audit should be viewed as an opportunity. In partnership with your accountant, a review of EBPs that is properly, completely, and promptly conducted helps to zero in on areas for improvement within the benefits packages and processes; for instance, you as an employer might determine ways to more efficiently manage these assets.

During an EBP audit, the following areas represent a partial list of the items that will be combed through:

  • 401 (k)s

  • Profit-sharing

  • 403 (b)s (limited to public schools, tax-exempt organizations)

  • Employee Stock Ownership Plans (ESOPs)

  • Union representation

  • Pensions

  • Savings

  • Health

  • Vacation

  • Severance

Audits must be performed and completed in accordance with generally-accepted auditing standards and the Employee Retirement Income Security Act. Established by Congress in 1974, ERISA was designed to correct the abuses that plagues the country’s pensions and welfare system. Administered by the Department of Labor, IRS and Pension Benefit Guaranty Corporation (PBGC), ERISA applies to these benefits and spans provisions to protect plan participants and beneficiaries. Furthermore, legislation was enacted as a deterrent to abusive practices.


As part of ERISA, Congress required that annual reports be filed related to EBPs’ financial conditions and operations. Notably, the report must include the audit in the spotlight within this piece, which states that the financial data wherein complies with standards set by accounting industry institutions: the Financial Accounting Standards Board and the American Institute of Certified Public Accountants. Nearly all plans of 100-plus participants must furthermore be audited annually by an independent and qualified public accountant.


Don’t cut corners

This type of audit largely requires an experienced team with an eye for detail. Failure to comply with the standards has its share of consequences. In fact, the Department of Labor’s Employee Benefits Security Administration has through the years analyzed the quality of EBP audits. The agency selected a “statistically-valid” sample of 400 audits form a target population approaching 82,000 filings. These audits were performed by 7,300-plus CPA firms, ranging from those that performed a couple of audits annually to those that completed more than 750 such audits each year. More than half of the firms performed one or two audits, with 20% performed three to five audits, and 21% were responsible for six to 24 EBP audits.


The nearly 200-page EBSA report found that 61% of EBP audits fully complied with the professional auditing standards or had minor deficiencies; however, nearly four of every 10 audits contained egregious deficiencies associated with at least one requirement. These deficiencies were of such severity that they triggered a Form 5500 filing rejection, which puts a reported $653 billion across 22.5 million participants (and their beneficiaries) at risk. When compared to previous EBSA studies, more assets and plan participants were on the line due to these deficiencies and oversights.


To reinforce the importance of partnering with professional skilled and intimately familiar with EBP audits, EBSA concluded there is a “clear link” between the number of EBP audits performed by a CPA and the quality of the audit. The CPAs who performed the fewest EBP audits annually had a 76% deficiency rate, while the firms that performed the most EBP audits had a deficiency rate of 12%. In fact, CPA firms that were members of AICPA’s Employee Benefit Plan Audit Quality Center tended to produce audits with fewer deficiencies. Created in 2003 by AICPA’s Board of Directors, the Center was created with the aim of improving the quality of employee benefit plan audits. Through voluntary membership, CPA firms are reportedly committed to membership requirements that affect management practices, including designating a partner-in-charge of the quality of the firm’s EBP audit practice. Additional requirements include obtaining EBP specific training; establishing and maintaining quality control practices; self-monitoring adherence to policies; and providing its audit practice external peer review to the public.

Center members also have access to resources ranging from regulatory guidance to training opportunities and research. Its member-firms reportedly perform in excess of 60% of the total annual EBP audits. These conclusions probably come as no surprise to anyone with even a passing familiarity with accounting and audit work. Because there are areas within the audit that are unique to employee benefit plans, and that require specialized knowledge. These areas include:

  • Contributions

  • Benefit payments

  • Participant data

  • Party-in-interest

  • Prohibited transactions

Incidentally, each of the above areas represents among the most common deficiencies found in the EBSA review of the 400 sample audits. Some of the specific descriptions of deficiencies characterized by EBSA as “unacceptable” and “major” in areas such as internal controls included:

  • Audits performed by unlicensed auditors

  • Possible fraud discussed in board minutes (engagement team didn’t inquire of legal counsel)

  • Inadequate evidence of fraud inquiries

  • Inadequate documentation of internal control environment

  • Failure to access and document control risk

  • Lack of documentation of risk assessment procedures

  • Failure to review internal controls of service providers

Among established professional standards in audit reports, major deficiencies that were identified include:

  • Delinquent employee contributions weren’t reported

  • Inappropriate presentation of participant loans

  • Inadequate footnote disclosures

  • Inappropriate presentation of financial info on financial statements

  • Lack of ASC 820 Fair Value Measurement disclosures

CPAs may underestimate these unique areas, and perform insufficient or lackluster audit work. Sometimes, the failure to comply with standards is due to being inadequately informed of the unique characteristics and considerations of EBP audits. Alternately, accountants may not access the technical materials that are available; however, having the proper technical guidance didn’t always ensure, via EBSA findings, that a quality audit was performed. Often, again, it comes back to those firms that generally perform loads of EBP-specific work, as they generally have more training with EBPs.

Additionally, it was the dismal findings from these reviews, and the growing number of assets at risk, that led to the AICPA’s Auditing Standards Board releasing a new standard that reportedly takes effect for plan years ending on or after December 15, 2020 – it will affect audits of calendar year 2020 plans that are subject to ERISA (those performed in 2021)

The new standard is designed to strengthen audit quality and enhance auditor reporting. Most changes affect auditors, but some also put the onus on plan sponsors and their management teams. These parties, as well as relevant committees and trustees/custodians, should be aware of their responsibilities, including:

  • The standard firms up management team accountability during EBP audits. Before moving forward with the partnership/client engagement, the designated auditor will require that written documentation acknowledges your organization is responsible for compliance, including maintaining current plan-related documentation and that contributions/distributions align with plan provisions.

  • You should also be prepared to provide written acknowledgement that submitted, certified investment info is reliable. Your auditor assesses the information and issues an opinion on the fair presentation of financial statement amount and disclosures.

  • A completed (or nearly complete) draft of Form 5500 should be produced to the auditor to zero in on material inconsistencies and misstatements (as needed) with the audited ERISA plan financial statements before dating the auditor’s report. The Form 5500 draft will be submitted with related forms and schedules.

Additionally, your auditor will be subject to a number of changes, that affect nearly every part of the plan audit, especially those areas where the auditor must communicate plan deficiencies to you and your management team in writing. Your auditor will largely be taking a closer look at areas that have been problematic during previous EBSA reviews, such as prohibited transactions. These areas represent the greatest sources, historically, of deficiencies and carry the greatest risks of misstatement. Any written notices of issues must be sent as a formal, written notice in a timely fashion. This will in all likelihood trigger additional discussions with your audit partner.

The silver lining on the other side of the audit

Generally, there are numerous benefits to doing the audit, and completing it right:

  • Protect the assets of your valued talent and beneficiaries

  • Produce valuable results that can help you to improve benefits plan management

  • Help you to identify opportunities to save money and to streamline employee benefits

  • Support clearly-organized and analyzed data (business intelligence!), which drives better overall decision-making

  • Assist in becoming a better manager of human and financial resources

  • Provide verified, unbiased, objective insights

  • Help you to avoid the deleterious consequences, including penalties and associated effects of non-compliance

  • Present an investment in your business, a means of protecting the organization from financial fraud or abuse

  • Safeguard the assets of your organization from both internal errors and deceptive employee tactics

Are you prepared to do your part?

You engage with professionals to assure that vital documents are prepared and submitted correctly and timely; however, that doesn’t mean the process should go on auto-pilot. Owners and managers should be prepared to provide documentation and answer queries from the auditing party throughout the process. Failure to do so can affect the ability for the accountant to complete the audit. Plus, it’s just easier for all parties involved when you are responsive to questions. Nowadays, everybody is busy. You’ll spend less time on this project by communicating responsively. Some of the follow-up queries and information that should be in good order include:

  • Assess that transactions are presented and disclosed in financial statements

  • Confirm that the transactions conform with plan provisions

  • Keep up with adequate records for participants

A change of mindset may be due to get the most out of this important partnership with your auditor, and process. With a little insight into the value that can be derived from properly performed audits, and a little foresight, you can maximize this investment in an all-important vehicle that helps to drive your ability to attract (and keep) top talent, and the sound reputation that your organization has as an employer.

5 views

© 2018 by O'Donnell, Ficenec, Wills & Ferdig, LLP