- July 1, 2016
- Posted by: Mary Kathryn Treusdell
- Category: Audit
by Mary Kathryn Treusdell, CPA
As benefit plan audit season is well under way, there are several common issues that audit teams encounter year after year during their audits of benefit plans. Keep these items in mind when reviewing your plan’s year end information.
- Plan compensation is not being calculated as defined in the plan document. There are several ways that plan documents will define “compensation.” Some of the different ways include only W-2 wages, bonuses plus W-2 wages, or W-2 wages plus elective deferrals less bonuses. If eligible compensation is not being calculated properly, this can impact compliance testing, employee deferrals and the employer match. This could also lead to the plan sponsor paying penalties for incorrect contributions, as well as having to disclose prohibited transactions on the Form 5500.
- Inconsistent and untimely remittance of contributions to the Trust. Failure of the plan sponsor to remit employee contributions to the plan in accordance with DOL regulations may constitute a prohibited transaction. The related guidance on timely contribution remittances states “an employer is required to deposit employee contributions as of the earliest date on which such contributions can be reasonably segregated from the employer’s assets but no more than the 15th business day following the end of the month in which amounts are contributed by employees or withheld from their wages.” However, the DOL is quick to not consider these guidelines as the safe harbor for large plans. Small plans (those with less than 100 eligible participants) have a safe harbor of 7 business days. The DOL actually expects large plans to consistently submit contributions to the Trust at the earliest date. Thus, if the plan sponsor knows the amount of withholdings one day after payroll is processed, the DOL may expect them to submit contributions to the Trust on that day. Plan management should document their considerations and processes around timely contributions and make sure they are consistent in order to avoid any challenges from the DOL.
- Lack of review of census data prior to submission to the third party administrator. The census data includes all eligible employees’ data including date of birth, date of hire, termination date, total plan compensation (as defined by the plan document), employee deferrals, and employer contributions. This information is used by the third party administrators to perform compliance testing and, where applicable, is used by the auditors to make selections for their testing procedures. Therefore, inaccuracies in the census data can create major issues for third party administrators, auditors, and, ultimately, the plan sponsor. It is helpful for plan management to review the census data and perform checks on the data, such as agreeing total compensation to a W-3 summary or payroll summary to ensure the population is complete. Other helpful tasks include performing spot checks on participant data and reconciling the total contributions per the census to the total contributions per the Trust.
- Current information is not maintained in personnel files. Information such as deferral percentages, opt out forms, and pay rate information might change on a periodic basis but should all be updated and maintained in personnel files. Also, access to personnel files should be restricted.
- Plan management at the plan sponsor should be familiar with all of the provisions of the plan document. The plan sponsor has the ultimate fiduciary responsibility for the plan’s participants and should make sure that the plan is operating in accordance with the terms of the plan document.
- Reconciliations of contributions to the Trust are not performed on a regular and timely basis. Hard-key errors are a common reason for differences between amounts withheld and amounts remitted. A reconciliation of the amounts that were withheld and the amounts that were deposited into the Trust should be performed after each pay period. It is much easier to fix an error after it has just happened compared to a year later!
- Lack of consideration of cybersecurity in the risk assessment process. Since benefit plans include sensitive information and cyber-attacks seem to be a frequent occurrence these days, plan sponsors should evaluate their plan’s risk related to privacy, security and fraud. Some suggested steps in their risk assessment process include
- review security policies, specifically including those policies around encryption;
- perform test breaches to identify potential threats to the system;
- understand backup and recovery system plans and perform routine testing;
- ensure insurance coverage is adequate to cover cybersecurity breaches;
- train employees on data security and cybersecurity.
- Hardship withdrawals and/or loans are not made in accordance with the plan document. For plans that allow loans and hardship withdrawals, plan administrators should make sure that participants fill out the applicable loan information, are paying the appropriate interest rate and are paying the loans back in accordance with the terms of the agreements.
- Uncashed distribution checks are not properly reported. For several plans, the third party plan administrator will keep up with uncashed or outstanding distribution checks and follow up, but plan administrators are ultimately responsible for understanding the plan’s policy on distributions and for tracking these assets to make sure they are included in the plan’s assets until cashed.
- Lack of understanding Form 5500 requirements. All pension benefit plans and welfare benefit plans covered by ERISA must file a Form 5500 or Form 5500-SF (Short Form) for a plan year unless they are eligible for a filing exemption. The short form return is for small plans, which are considered those that have less than 100 eligible employees. Plans that have greater than 100 eligible employees at the beginning of the plan year are considered large plans and are required to have an audit. Welfare benefit plans are those that provide benefits such as medical, dental, life insurance, apprenticeship and training, scholarship funds, severance pay, disability, etc. Welfare plans that have fewer than 100 participants and are unfunded, fully insured or a combination of both are exempt from filing a 5500. For example, if a Company provides life insurance benefits to its employees, partially or completely funds the benefits, and has greater than 100 eligible employees, then the plan sponsor is required to file a Form 5500. Form 5500s are due by the last day of the 7th calendar month (July 31 for December 31 plan year ends.) An extension (Form 5558) may be filed up to 2 ½ months after the deadline (October 15).
We see those ten mistakes most often during employee benefit plan audits. It could be helpful for plan management to remember them!