ERISA season is here! A season of gathering census information, preparing Form 5500’s, and completing the annual ERISA Plan Audit. As you may have experienced, the auditor of your ERISA plan may provide you with a management comment letter at the conclusion of the audit. The auditor may even provide you with a letter noting items classified as significant deficiencies or material weaknesses in your Plan’s internal control.
The management comment letter is an opportunity for the auditor to provide insight into issues noted during the audit that are recommended areas for improvement or best practices. Some items may rise to the level where they are required to be reported by the auditor to those charged with governance of the Plan and classified as material weaknesses or significant deficiencies. If there is a letter issued as part of your Plan audit that includes significant deficiencies or material weakness, we strongly encourage the Plan sponsor to fully understand these items and take the necessary actions to address these items in a timely manner. We also encourage you to review the management comment letter, if applicable, and discuss these items with the auditor to gain a full understanding of the recommendation and determine what changes, if any, will be made going forward. To help you prepare for what could be included in such letters, this article discusses four of the most common audit findings in an ERISA audit: Lack of Documentation in Committee Meeting Minutes, Untimely Contributions to the Plan, Lack of Supporting Documentation and Failure to Adhere to Provisions of the Plan Document, and No Annual Review of Service Organization Controls (SOC) Reports.
1. Lack of Documentation in Committee Meeting Minutes
First and foremost, it is recommended that all ERISA Plan Sponsors have a Retirement Plan Committee designated to take on the fiduciary responsibilities of overseeing the Plan. The Committee should include at least three individuals, include a third-party investment advisor, and have at least one committee meeting per Plan year. During the committee meetings, minutes should be taken to include all the fiduciary tasks that were discussed and completed during the meeting and any major decisions that were made by the committee. Examples of items that should be included in the meeting minutes include but are not limited to:
- Summaries of discussions held with the service providers (including the Third Party Administrator (TPA), Recordkeeper, Custodian, and Financial Advisor)
- Analysis of the Plan’s investments. Poor performing investments should be put on “watch” and possibly replaced with a better performing investment. You may consider relying on expertise from the third-party investment advisor or TPA.
- Any Plan amendments, including items such as: changes in employer match, decisions on profit-sharing or discretionary contributions for the year, changes in eligibility or vesting, ESOP contributions, or potential partial plan termination.
- Benchmarking of Plan fees should be performed at a minimum every three years but is recommended annually.
- Review of Service Organization Controls (SOC) Reports (see more on this below).
- Documentation of any participant complaints.
- Review and approval of audited financial statements.
- Review of compliance testing results, including any corrective actions required.
2. Untimely Contributions to the Plan
Timeliness of contributions to the Plan is defined by the IRS as “the earliest date you can reasonably segregate deferrals from general assets.” Auditors are often looking for consistent contributions throughout the entire Plan year and might also reference previous audits or the time it takes for the Sponsor to deposit payroll taxes. If Plan contributions are usually made within one to two days of the payroll date, it would be reasonable to expect all contributions for the year to be around one to two days. Instances where it took the Plan Sponsor longer due to missing the upload to the TPA website, for example, may warrant an untimely contribution.
What do untimely contributions mean for the Plan Sponsor? Untimely contributions require the Plan Sponsor to fund the Plan for the lost earnings incurred by the participants impacted by the late remittance. Typically, a Form 5330, Return of Excise Taxes Related to Employee Benefit Plans, is also required to be filed. The Plan Sponsor must report late remittances on Form 5500.
How does a Plan Sponsor correct a late remittance? The Plan Sponsor will need to calculate and remit the lost earnings, as well as complete the other steps noted above in order to preserve the tax-favored status of the Plan. The Plan Sponsor’s TPA can often provide data to help calculate the lost earnings. Often times, the Plan Sponsor will use lost earning calculation tools provided on the DOL’s website. It is important for the Plan Sponsor to work closely with their TPA, legal counsel, and other Plan advisors throughout this process to determine if this untimely remittance error can be completed through a self-correction or if the Plan Sponsor must use one of the other avenues available for correction, such as the Voluntary Correction Program through the IRS.
As noted above, late deferrals are reported on the Form 5500, as well as a supplementary report within the audited financial statements. If the late remittance is corrected in the same year the late remittance occurred, it will only be reported on the Form 5500 for the year the error occurred. However, if a correction is made in a different Plan year, the error will be reported on the 5500 and audited financial statements in the year the error occurred and each subsequent year through the year of correction.
3. Lack of Documentation and Failure to Adhere to the Provisions of the Plan Document
Documentation should be maintained to ensure all participants within the Plan (including any individual who has funds within the Plan, whether a current employee or not) have support for any decisions made regarding the participant’s elections, as well as their demographic data. It is important to note any verbal conversations should be documented and approved by participants. Verbal confirmation alone would not be considered sufficient evidence. It is also imperative for Plan Sponsors to understand the key provisions of the Plan Document and to ensure those are being followed. Some of the most common deficiencies regarding Plan related documentation and provisions include:
- No election to not participate in the Plan maintained – It is recommended as a best practice that any individual eligible for the Plan that elects not to participate should have some form of documentation on file stating their intent to opt out. Due to the increasing online presence and services provided by TPA’s, this could include going online and electing a zero-deferral rate. If your TPA does not provide this type of service or requirement, a physical form should be maintained within the employee’s file.
- Date of Hire, Date of Birth, Date of Termination, or Service Hours for the year does not agree to personnel files or other payroll data – It is important for the Plan Sponsor to accurately maintain all this demographic data and to properly report it on the annual census. These dates are critical in many facets of administering the Plan including eligibility, vesting, in-service distributions, etc.
- Failure to adhere to the Definition of Plan Compensation as defined in the Plan Document – If the Plan includes bonuses, for example, in the definition of Plan compensation, documentation should be maintained in the file that is signed by any participants electing not to have deferrals withheld from bonuses, if so elected. Another common finding occurs when a Plan Sponsor calculates deferrals using an incorrect definition of Plan Compensation. For example, if compensation as defined in the Plan Document excludes overtime from the definition, however the Plan Sponsor is withholding and matching on overtime, that is an operational error that needs to be corrected.
4. No Annual Review of Service Organization SOC Reports
Service organizations provide an array of services for ERISA plans: recordkeeping, third party administrator services, custodian services, payroll, and actuarial services. Inherently, there is a risk the information received from these service providers is not appropriate and accurate.
As a Plan Sponsor, you are responsible for ensuring the service providers engaged by the Plan are minimizing risks within their operations to ensure the information you receive is reliable. Most service organizations engage a CPA firm to perform a SOC examination. Each year, the Plan Sponsor should request a copy of the most recent SOC report (likely a SOC 1 Type 2 Report) from all service providers to evaluate their credibility and gain comfort that the service provider is operating according to industry requirements.
These reports contain a significant amount of information and can be overwhelming to digest. The most important pieces of the report to review annually include:
- Did the Service Organization receive an opinion other than unmodified?
- Did the Service Organization have any deviations noted during testing?
- What complementary user entity controls has the service organization identified? These are controls the service organization’s clients must have in place to ensure the services operate completely and accurately. The Plan Sponsor should ensure these user controls have been properly designed and implemented within their own processes.
A Plan Sponsor who has a team committed to fulfilling and documenting the fiduciary responsibilities of the Plan, ensuring timely contributions, maintaining proper documentation for all participants, and reviewing their internal controls (including the SOC Reports of the service organizations) is off to a great start for the annual ERISA audit. For any questions related to this article, or for audit guidance in general, please contact Kelsea Faulkner at kfaulkner@vlcpa.com or 800.887.0437.
