401(k) Audit Checklist

An audit is an official inspection of your company’s employee benefit plan conducted by an outside firm to make sure it complies with IRS and Department of Labor regulations, while at the same time providing an opportunity to assess document retention policies and retention plans.

This article presents a handy checklist for collecting, locating and providing auditors with all of the information commonly requested during 401(k) audits.

Plan Documents
An audit of your 401(k) requires both documentation and data review. Arranging this data in advance will help provide it in a short amount of time for review, streamlining the audit process.

Documents necessary for supporting 401(k) contributions include a list of all contributions made, payroll summary or register for every pay period tested (showing employee deductions), and proof that these monies have been deposited into the trust. Furthermore, plans should provide documentation or schedules of delinquent contributions since inception.

Plans should also contain copies of recent determination letters as well as any letters related to testing for internal controls from previous years. A SSAE 16 (SOC 1) report from a third-party administrator can help reduce testing scope by decreasing the number of tests that need to be conducted by auditors; this service is typically offered by third-party administrators and/or custodians and therefore marked on your checklist accordingly.

Participant Information
An organization managing recordkeeping, accounting and financial statements for 401(k) plans should have documents ready in case an audit takes place, including draft 5500s, investment records, payroll reports, meeting minutes and compensation support documentation.

Custodians must also maintain an inventory of contributions that includes an audit-friendly list that summarizes participants, pay dates, contribution amounts and when received or credited into an account. An auditor will use this information to confirm if all contributions were properly submitted.

Some 401(k) plans may qualify to file Form 5500-EZ, while others must undergo a full scope audit in accordance with Department of Labor regulations and Employee Retirement Income Security Act requirements. A full scope audit ensures compliance with all guidelines and regulations set by IRS and DOL as well as provide employers an opportunity to identify areas of noncompliance requiring corrective actions by them.

Internal Controls
Internal controls are the practices implemented by management to deter errors or irregularities and to provide reasonable assurance of meeting operational and financial reporting goals. They may take preventive or detective approaches; for instance training programs, drug testing policies, firewalls against hacking/theft of data etc are examples of preventive controls; for example dividing duties so an employee writes checks while another authorizes them – or just comparing validated cash receipt vouchers against monthly ledger reports as examples of detective controls.

An effective system of internal control should consist of preventive and detective controls that work together. They should promote compliance with statutes, regulations, bulletins, policies and procedures as well as internal audit requirements such as risk evaluation. An internal audit should involve risk evaluation as well as an assessment of design of internal control system such as documentation, training needs analysis, segregation of duties evaluation and feedback mechanisms – not forgetting creating and reviewing a list of controls to be tested by management.

Financial Statements
If your company offers a 401(k), an audit on its financial statements must be performed to meet Department of Labor (DOL) and Employee Retirement Income Security Act of 1974 (ERISA) requirements. A certified ERISA auditor will examine Form 5500 information provided by employees, verify it against financial statements provided and make necessary corrections as necessary.

Audits involve gathering various documents from you that an auditor will request, such as trust statements and reconciliations, payroll reports, meeting minutes, compensation support for sample participants as well as employee files.

To save time, ensure all documents are organized in an easily accessible folder with date-stamped communications between them. Furthermore, consider implementing payroll and 401(k) recordkeeping integration to avoid data errors – this will help your business avoid surprises during an audit. The list below should help assemble and locate items commonly requested by ERISA auditors.