The past year changed almost everything, but one thing that remains the same is the need for retirement-plan sponsors to engage an independent accountant to perform an annual audit of their plan. Currently, any qualified retirement plan — 401(k), defined benefit, 403(b), and others — with 100 or more qualified participants (regardless of whether they are participating or not) at the beginning of the plan year is required by law to have an annual audit.
While the need for the audit is consistent with previous years, there is a lot about the process that has changed, which plan administrators and auditors, alike, need to know. For example, the CARES Act included certain elements related to qualified retirement plans, such as allowing coronavirus-related distributions, changing rules related to participant loans and required minimum distributions, and allowing delays of pension contributions.
Auditors will need to consider additional items considering the ongoing pandemic and resulting legislation. If distributions increased in 2020, auditors may be required to select larger samples for distribution and loan testing. Additionally, auditors will need to review any changes in internal controls because of decreased staff, if applicable, and ensure proper controls were still in place to protect the plan assets. For partial plan terminations, the December 2020 stimulus package extended the determination period to March 31, 2021 for 2020. As a general rule, this will allow sponsors of defined-contribution retirement plans to avoid the partial plan-termination rules if the participant count as of March 31, 2021 is 80 percent of the active-participant count at the time the national emergency was declared (March 13, 2020).
Another major difference between past audits and those of today are that they are now being almost completely performed in a remote environment, creating a new level of importance around security of sensitive information passed from plan sponsor to auditor (and vice versa). Auditors should stay in close contact with plan sponsors and remind them to consider potential fraud and cybersecurity issues as sensitive participant information is retained by the plan sponsor as well as service providers. Within the audit itself, there will also be heightened fraud scrutiny as the desperate times of the past year have unfortunately forced some people to resort to desperate measures. Audits will assess if there are gaps in internal controls that could allow money to be fraudulently taken from plan assets.
COVID-19 is not the only factor impacting employee-benefit audits in the near future. In July 2019, the AICPA Auditing Standards Board (ASB) issued AICPA Statement on Auditing Standards No. 136, “Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA.” The standard effective date was postponed due to the pandemic and is now applicable for periods ending on or after Dec. 15, 2021. This new standard prescribes certain new performance requirements for ERISA plan financial-statement audits and changes the form and content of the related auditor’s report. The intent is to improve audit quality and enhance the communicative value and transparency of the auditor’s report. It’s also to address diversity in practice and the work performed in an ERISA audit.
For all employee-benefit plan audits, plan sponsors will now need to:
• Maintain a fully executed, updated plan document (and related amendments).
• Be able to represent that the plan’s transactions are in conformity with plan provisions.
• Maintain sufficient records for each participant to determine benefits when due.
For limited-scope audits, plan sponsors will need to:
• Review the investment certification to determine that the investment information is prepared and certified by a qualified institution (in accordance with 29 CFR 2520-10 3-8).
• Determine that the certification covers both the completeness and accuracy of the investment information provided.
• Ensure the certification covers all plan investments (and that the institution can certify all plan investments).
The standard may have a huge impact on the type and amount of information your auditor seeks.
To continue to meet the challenges of the pandemic and stay up to date on evolving circumstances, plan sponsors and auditors will need to adapt how and when plan audits are performed. These changes will likely impact plan audits for years to come and working together through these changes, every member of the employee-benefit-plan audit process can continue to effectively protect participants’ retirement savings.
Nancy L. Cox is a partner with The Bonadio Group. She specializes in financial-statement auditing and consulting related to real estate and employee-benefit plans. She serves as co-leader of both the employee-benefit plan and real-estate industry firm-wide teams at the accounting firm. Contact Cox at email@example.com