While some believe that an employee benefit plan audit is obtained simply to satisfy a regulatory requirement, there are certain areas in which an employee benefit plan audit can assist, or add value, to plan sponsors. As our own Josh Zimmerly mentioned in his article “Benefit Plan Audit by Infomercial,” an audit can help to evaluate plan health and aid administrative performance by providing recommendations, including flagging potential problems or identifying cybersecurity risks and helping to implement solutions to mitigate risk. Let’s break down these points a bit further.
In a benefit plan audit, the auditor typically will perform a comprehensive review of the plan document and understand the mechanics of the plan by performing walkthroughs of key cycles, such as enrollment, distribution, and payroll/contribution process. Additionally, an audit consists of performing substantive testing procedures around eligibility, contributions, distributions, plan expenses, and notes receivable from participants, if applicable. The procedures outlined above could identify potential operational issues associated with the Plan. This discovery then gives the plan sponsor the opportunity to take appropriate corrective action in order for the plan to maintain its qualified tax-exempt status and avoid any potential future liability from the Internal Revenue Service or Department of Labor.
Audits also aid in the evaluation of the plan’s health. Plan sponsors should not only be focused on the cost side of the Plan, but also on increasing employee participation so that employees have adequate income at retirement age. One strategy that plan sponsors should consider is the adoption of an automatic enrollment provision for newly hired employees. Additionally, to bolster retirement readiness, plan sponsors should also consider implementing auto-escalation clauses within their plans. Finally, with all of the security breaches (from Target to Equifax), cybersecurity is a hot topic. Plan sponsors should be closely monitoring their service providers’ Service Organization Reports (SOC reports) to ensure that third-party administrators are mitigating information technology risks surrounding physical access, logical access, and change management. Having another set of eyes on the information technology environment through a third-party audit can help identify potential gaps or vulnerabilities while trying to maintain data integrity, protect employee information and retirement assets.
So don’t just “set it and forget it”. Plan sponsors should continuously be monitoring the plan to ensure that participants have the available resources to take action and become retirement-ready. Plan sponsors should also consistently evaluate the plan processes to ensure continued compliance with regulatory requirements. Remember, an audit is not just a regulatory requirement, it’s a valuable part of the process.
For questions regarding any of the issues discussed in this article, contact Schneider Downs’ employee benefit plan experts.