Making Sense of Audits

How advisers can help their clients through DOL audits, with recordkeeper help
Cheryl Steinert and Jon Prescott

The retirement plan audit is, for most plans, an annual occurrence, but it can still strike fear into the hearts of many—especially those selected for a random audit. It is also a process during which plan sponsors look for help from their retirement plan advisers. However, the process does not have to be frightening, as CPI Qualified Plan Consultants’ Jon Prescott, vice president of relationship management and strategic initiatives, and Cheryl Steinert, senior manager of recordkeeping services, recently told Alison Cooke Mintzer, editor-in-chief of PLANADVISER.

PA: What kind of audits are retirement plans subject to?

Steinert: There are several. If the plan has 100 or more participants at the beginning of the year, there is an audit that is required to be attached to the Form 5500 that we call the compliance audit for the 5500. Another would be a random audit, for which the plan would be selected by the Department of Labor (DOL) or the Internal Revenue Service (IRS).

Prescott: Depending on how the Form 5500 is filed, the Department of Labor could contact the plan sponsor directly and say, “You’ve been identified for a random audit,” which is unnerving for many plan sponsors.

Some service providers file the Form 5500 for the plan sponsor in the name of the service provider, so the DOL notifies the provider that the plan has been identified for a random plan audit. Then the service provider is in a position to soften that blow to the plan sponsor and work with the sponsor to help them through this.

At CPI, we help our plan sponsors with random audits. Clients sign a Form 2848 so that we can talk to the DOL about their plan and help with that audit process. It’s important that the plan sponsor partners with a service provider that will more than willingly step forward and help them through this audit process.

Steinert: There have been some changes over the last couple of years: We’ll prepare the 5500 for the client, and then they sign off on it, but the clients have to obtain their credentials, sign the 5500, and then send it in themselves. We do help them as much as possible, but everything is going to electronic filing. We do help the client with the process of obtaining those credentials.

We’ve had an 800-number available for those clients that are getting close to their filing deadline and haven’t gotten their credentials. Maybe they can’t figure out how to answer their questions or how to complete the submission. They can call us, and we’ll help them with any questions they might have—and you know we’ve gotten those calls at the 11th hour.

Prescott: It’s important that the adviser understands that since they’re the front-line adviser on every plan, they need to help their plan sponsor to partner with a service provider that helps in the audit process when necessary—both the compliance audit on the Form 5500, and also if their client is chosen randomly by the Department of Labor. It’s important that the adviser ensures clients are working with a service provider that offers this kind of support.

PA: You described different kinds of audits, but even within those, are all random audits the same, or is that often not the case?

Steinert: No. A random audit can be anything. It could be a question on the 5500—how it was answered just doesn’t quite look right—and so it will trigger an audit. A participant might call the DOL and say, “I’m not happy about this,” and so he might trigger an audit. An audit can happen over many different things.

Prescott: The random audits that are initiated by the DOL wouldn’t necessarily include the whole plan audit, it could focus on just a piece of the plan: loans, distributions, contributions, the timing of contributions. Many plan sponsors don’t realize that there are two types of compliance audits for the Form 5500: a full scope and a limited scope.

The CPA firm, if they really understand retirement plan audits, will see what they can do to provide a limited scope audit—do they have everything they need, and it is in the format they need? Many times the auditor will ask that all of the plan information be provided electronically. It is then easier for the auditor to drop that data into their audit process, which can potentially reduce the cost of the audit to the plan sponsor.

That’s where our Auditor’s Toolbox comes in; it’s a patented system through which auditors can download everything they need to conduct a limited scope audit. I don’t think we’ve ever gotten pushback from a CPA firm that really knows this business, but we have from other firms that dabble in it, and their first approach is to do a full scope. Then we have to say, “Let’s look at this more closely. We can provide you everything you need to conduct a limited scope audit and save our mutual client thousands of dollars in audit fees.”

Steinert: We try to set up all of our plans so that they have a custodian that can provide us with certified statements. If certified statements can be provided on all of the investments, then they can do that limited scope audit. It all depends on the investments the client has chosen.

Will it allow a limited scope audit or not? If it doesn’t, then they’ve got to go with a full scope audit, and of course that’s more expensive and more in-depth.

Prescott: If the plan has individually directed accounts (IDAs) with stocks and bonds, it’s pretty much a guarantee that they’re going to have to have a full scope audit.

From an adviser standpoint, they need to be aware of that and proceed carefully. When they are advising or if their plan sponsor is saying, “I want my own brokerage account window,” then the adviser should point out to the plan sponsor, “You have 110 participants, and you are going to be subject to a compliance audit. Those IDAs will incur additional fees for your corporation or the trust because more likely than not you’re going to be subject to a full scope audit because you just can’t get certified statements on brokerage accounts, individual stocks or bonds.”

PA: What type of information does an auditor need to complete an audit?

Steinert: They’re looking for payroll information, participant information. They’re going to compare the payroll information that the client would send in to make sure that it matches what was received on the plan side.

They’re going to start with compensation, deferrals, deferral match or anything like that. On the participant side, they’re going to look for compensation, hours worked. They’re going to look for lots of dates—dates of birth, dates of hire—so that they can determine eligibility. They’re looking for hours—did participants meet the hours requirement to get a contribution per the terms of the document? They’re looking at all of the contributions—were they calculated correctly according to the terms of the document? Was the person a Highly Compensated or Key Employee? That will affect all of the tests and how those tests are conducted.

PA: What are some of the things a plan sponsor can do to make the auditor’s job easier?

Prescott: Make sure they have access to the year-end payroll records, because the auditor will ask for that. If the service provider is not collecting data along the way, it will be the responsibility of the plan sponsor to access the payroll provider or in-house payroll system to provide that to the auditor. And if they have an in-house system, do not purge that information, because sometimes these audits take place several months after the end of the plan year and the auditor might need it.

The auditor also has to have the SSAE 16 audit on the vendor or the custodian, because that is part of the requirements of a limited scope audit. And again, that’s important for the plan sponsor and the financial adviser, to make sure they partner with an entity that will hire an independent CPA firm that understands the retirement plan industry to conduct that SSAE 16 audit. It’s expensive; a lot of service providers, especially the smaller ones, don’t have the resources to pay for that, and therefore subject the plan sponsor to a full scope audit because they haven’t spent the money to have an SSAE 16 audit.

Steinert: We not only have our SSAE 16 audit in the Auditor’s Toolbox, we partner with a bank to provide directed trust services for some of our clients that want to have an institutional trustee. They have provided us with a copy of their audit, so it can be in the toolbox and available to clients for their audits.

We also trade through Matrix Settlement & Clearance Services LLC, and their SSAE 16 audit is in our system as well. Those audits are the supporting documentation for our system to show the auditor from the get-go that the system that they’re auditing has already been audited—to prove that it does what it says it does. When we say this is how we process a distribution, there is something in the SSAE 16 that has already been tested to make sure that distribution is processed correctly.

We also have an SSAE 16 from the provider of our recordkeeping software. We make all of the audits available to our clients to support the ability of the auditor to complete that limited scope audit.

PA: What do plan auditors look for when auditing?

Steinert: They’re going to look for operational issues: Is the plan following the document, is it calculating the eligibility correctly, is it calculating the cost, is it using all of that correctly, is the payroll calculating the salary deferral or the match correctly?

Auditors pay close attention to loans, and the DOL monitors those as well. Is the employer following the amortization schedule for loan payments? Is the employer making payments timely? If the document says to make loan payments through payroll deduction, is that being done?

Hardship distributions have come under close scrutiny: Is there a valid reason why the participant had to have a hardship, and does the plan sponsor have the documentation to determine that hardship truly existed? Does the sponsor have a bill to prove the medical expense? The plan sponsor has to have the documentation in place as well for hardship loans and distributions.

Another thing that the auditor looks for is not only comparing how the plan is actually run compared to the features of the document, but also discrepancies in transactions.