The Employee Benefits Security Administration of the Department of Labor has asked the 2019 Advisory Council on Employee Welfare and Pension Benefit Plans (ERISA Advisory Council) to seek out ways through which the audits of employee benefit plans required under Section 103 of the Employee Retirement Income Security Act (ERISA) and the regulations promulgated thereunder could enhance the safety of the plan’s assets, the effectiveness of the plan in satisfying its purpose, the efficiency of the plan’s operations, and the plan’s compliance with ERISA, the Internal Revenue Code, and other applicable laws.
The focus of the current inquiry is on increasing the knowledge and understanding of the plan administrators that procure financial statement audit services and on improving the procedures that such plan administrators implement in selecting an auditor, preparing for the audit, communicating with the auditor before, during, and after the audit, and adopting changes in the plan’s documentation, operations, policies, or procedures based on the results of the audit. In its request to the Council, the DOL raised concerns about the “commoditization” of plan financial statement audits, in that plan administrators were not sufficiently availing themselves of the audit process to re-examine inputs provided to the auditors, to take advantage of the routine operational discipline that a proper annual audit process should encourage, or to learn about improvements in the plan’s documentation, operations, policies, or procedures that could arise from a robust audit engagement.
During a hearing on June 25, James Haubrock, CPA, chair of the Executive Committee of the American Institute of Certified Public Accountants (AICPA) Employee Benefit Plan Audit Quality Center (EBPAQC), testified about how the audit process can help plan administrators fulfill their fiduciary responsibilities by providing an opportunity and discipline to demonstrate due diligence by reviewing and enhancing plan governance, operations, records, internal control, compliance and reporting. He said by actively participating in the audit process, plan administrators are better able to make proper assertions relevant to the amounts, transactions and disclosures reported in the plan’s financial statements.
“The audit process provides an opportunity and discipline for the plan administrator to demonstrate due diligence by reviewing and enhancing matters relating to plan governance, operations, records, internal control, compliance, and reporting. The plan administrator’s fiduciary responsibilities include plan administration functions such as maintaining the financial books and records of the plan, and to file a complete and accurate annual return/report for the plan on a timely basis. The auditor can provide feedback on the effectiveness of and suggestions for improving processes and controls in place related to fiduciary responsibilities and efficient and effective plan operations,” Haubrock stated.
He explained that to gain an understanding of the plan and its environment and assess audit risk, the plan auditor generally reviews plan committee minutes and other documentation. Discussions with the plan auditor about the review of this documentation can provide the plan administrator with valuable information about potential deficiencies and risks in the oversight process.
In addition, if the auditor identifies any instances where the plan is not operating in accordance with the plan document, that information should be communicated to the appropriate parties. The plan auditor also will check to see that those operational errors identified have been corrected, Haubrock said.
According to Haubrock, an important responsibility is maintaining the financial books and records of the plan, including ensuring contracts, policies and agreements, and other relevant documents are up-to-date and any amendments are approved and adopted; plan records are properly maintained and they are current, complete and accurate; and the sum of individual participant accounts from the recordkeeper are reconciled to trustee/custodian’s trust statements. The audit process can help the plan administrator address all of these areas.
“The auditor is required to obtain an understanding of the plan and its environment, including the plan’s internal control. As such, the auditor may identify areas where enhancements should be made to control policies and procedures. For example, the auditor may suggest appropriate controls related to valuing and reporting hard-to-value investments. The auditor is required to communicate significant deficiencies and material weaknesses in internal control, and may make suggestions for improvement,” Haubrock stated.
He added that auditors can assist plan administrators in understanding parties-in-interest and the related rules, which may help them avoid entering into prohibited transactions.The ERISA Advisory Council intends to complement its 2010 Report on Employee Benefit Plan Auditing and Financial Reporting Models, the focus of which was on the auditors and the quality of the audits being performed. At that time, the Council found there were significant problems with retirement plan audit quality, auditor quality, or both. It recommended that the Department of Labor (DOL) should require plan administrators to identify on the Form 5500, or other annual report, whether or not the plan auditor is a member of the AICPA EBPAQC; and the DOL should establish a fiduciary safe harbor in the initial selection of plan auditors who are members of the AICPA EBPAQC.