After you hire an independent CPA firm to audit your company’s retirement plan, what’s next on the to-do list? Can you walk away and let the auditor take it from there?
No. Before the plan financial statement audit begins, you need to make sure you have access to plan records. This is one of many responsibilities of a plan administrator – maintaining the financial books and records of the plan and filing an accurate annual return. Plus, keeping up-to-date, easily accessible records can help the audit go smoothly.
If you don’t know how to prepare for a benefit plan audit, it’s ok. We’ve put together a list of the records you should be able to access and share as the audit team requests them. This list isn’t all-inclusive, but it does cover the basics.
Documents you should gather to prepare for an employee benefit plan audit:
- Participant or personnel records
- Payroll files
- Support for any prohibited transactions
- Key discussions or decisions about the plan
- A list of the plan’s service providers
Click any of the items listed above to jump to that section.
You should have access to documentation with employee data. You’ll need plan participants’ names, birthdates, hire dates, plan enrollment dates, termination dates, Social Security numbers, employee classifications, and more. If there’s any demographic data that determines eligibility, compensation, and plan contributions, you’ll need those as well.
Auditors use payroll files, such as timecards and wage authorizations, to determine participants’ eligibility and contributions. Without these documents, it’s more difficult for auditors to perform testing. You may also need to provide total payroll information for the year, specific pay periods, as well as other support for wages and hours worked.
Employees’ enrollment forms indicate how much they want to contribute to their retirement plan. Auditors use this information to verify the contribution selections against the contributions made. Auditors will also look at these to verify payroll deferral amounts and that participant investment choices are made in accordance with the participant’s designation.
As plan administrator, you should be able to provide the initial contribution selections to the audit team, as well as any subsequent changes. Your service provider may also assist with retaining these records; however, you should ensure the information is easily accessible.
If your organization has a match provision, i.e., matching 4% of employees’ pay, you’ll need records of the match policy, calculations, and contributions. The audit team will test to ensure you’re adhering to the match policy and correctly calculating the match contributions.
You should also be able to provide supporting documentation for any rollover contributions. Rollovers are when an employee moves funds from a former retirement plan to the current plan. Employees communicate they want to make the transition, and auditors test to make sure the rollover was done in accordance with the employee’s request. You (the employer) or the plan’s third-party administrator (TPA) should have detailed communication about the rollover and which party will retain the documents.
Maintaining a list of contribution transactions is crucial for an employee benefit plan audit.
If plan participants take distributions – take money out of their account – you should have documentation about the request and distribution amount, plus files that support the reason for distribution. Auditors will review these files to ensure you’re following distribution rules.
A loan taken from a retirement plan account is very similar to a distribution. You should be able to provide loan authorization forms to the audit team for testing. Also, you or your service provider should be able to provide a list of all outstanding participant loans and any new loans that were taken during the year.
Prohibited transactions are activities you aren’t allowed to do with plan assets. Examples include holding on to employee funds and not depositing funds into custodian accounts, extending credit, or benefiting from transactions conducted on behalf of the plan. If any prohibited transactions occur, there should be extensive documentation supporting the validity of the transaction or any litigation involving the plan.
Documents that reflect any decisions made about the plan’s operations are critical to retain. Plan governance records may include documents that capture the plan administrator’s fiduciary decisions. Examples of documents you should keep include plan communications and notices to plan participants, board resolutions, minutes, written plan policies, the plan document, plan amendments, contracts and agreements, internal controls policies, support for plan mergers or transfers, etc.
If anyone is involved with the operation of the plan, you should have an up-to-date listing of each party working with the plan and copies of service agreements. Service providers that work with your plan may include trustees, custodians, third-party administrators, insurance companies, investment advisors, etc. It’s best practice to keep this list updated with your key contacts and their contact information.
Best practices for record retention
It’s part of the plan administrator’s fiduciary responsibilities to retain and maintain documents that support all plan activities, protect participant information, and comply with legal requirements.
Files may be paper or electronic. Saved in a filing cabinet, digitally, or via an online portal. Records may be saved by several parties. Operational documents may be maintained by the plan sponsor. Documents specific to individual participants may be saved by the plan sponsor or service providers. Others may be managed by your organization in various departments (legal, human resources, finance) or by your service providers.
Make sure you keep documents for as long as a participant has a balance in the plan. Many plan administrators overlook this rule.
You should establish a written record retention policy that governs how your organization regularly reviews, updates, saves, and discards documents related to plan administration. If your service providers maintain plan records, you should know their record retention policies. Remember – if you contract with a service organization, you’re still held responsible for retaining adequate plan records. Make sure your providers are following their retention policies.
This practice will also help you clarify who saves which files and reduce confusion or miscommunication. You don’t want to find yourself in a position where you’re unable to fulfill an audit request.
More tips for success
Remember, this list isn’t all-inclusive. It covers the basic information an auditor will request to perform the audit. Many auditors use a sampling method to test plan transactions and participants. They may ask for more information depending on your type of plan, the type of transaction they’re testing, previous audit results, and their own audit strategy.
If you’re new to benefit plan audits, talk to key department heads and your service providers to understand which records they store and how you can access them for a future audit.
You’re not alone in this. The audit team will provide some guidance and communicate what they may need in the form of client assistance schedules and planning conversations. However, if you prepare for the benefit plan audit by reviewing your record retention policy and familiarizing yourself with plan records, it’ll help reduce your risk and save time.
Need help preparing for your upcoming benefit plan audit? We have a free, fillable checklist for you! Use this document to list the plan’s service providers, what they do, and the files they save. Review the checklist to make sure you’re familiar with the records your auditor may request and where they’re saved.