Conventional wisdom says that accountants or auditors have an integral role to play in the preparation of the annual report for employee benefit plans, from both a financial and a regulatory standpoint. However, the scope of their role may be misunderstood.
A financial statement audit report must be attached to the annual return/report (Form 5500) of most qualified plans with at least 100 participants and certain welfare benefit plans. (There are a few DOL exceptions, however, that are beyond the scope of this article.) The audit report is an independent qualified public accountant's (typically a CPA's) opinion of the plan's financial statements. It serves two principal roles. First, it assures plan participants that the financial statements fairly present the financial condition of the plan in accordance with generally accepted accounting principles, and that the plan is generally operated in accordance with its terms. Second, the audit report fulfills the plan's compliance requirements and may put the DOL or plan participants on notice of any irregularities in plan accounting and compliance.
But does this mean that through the audit report the auditors are responsible for detecting all defects in the operation of a qualified retirement plan? Is an auditor required to detect any evidence of fiduciary breach, malfeasance, or fraud? The answer to both of these questions is that they should ask about and look for evidence of any or all of these problems. The auditor should detect fraud that would be material to the financial statements. However, the accounting profession maintains that they are not a guarantor of a plan's qualified status, or the proper behavior by fiduciaries. Legally, the precise scope of their responsibility lies in the interplay between the DOL's regulations and the accounting industry's standards and methods. Depending on how the accountant in question addresses the differences in ERISA regulations and auditing standards, a plan sponsor may be getting all that its plan requires, more than the law requires, or not enough assurance to really be worth the fee. Let's look at how and why this might happen.
The Scope Of The Auditor's Principal Role
The fundamental charge of the qualified public accountant is to determine whether the financial statements and schedules, which are required to be included in the annual report (Form 5500) fairly present the financial position of the plan. Therefore, they should examine plan financial statements, schedules or books, and records to reach this professional judgment. This seems fairly clear to most plan sponsors (like any other financial statement audit, right?).
Typically, the accountant also wants to see the finished 5500 filing and other tax compliance and ERISA documentation as well prior to completing the audit. This is often the source of some confusion or education of the plan sponsors and plan administrator.
This part of the inquiry arises from generally accepted auditing standards, which the accounting profession has developed for employee benefit plan audits. These auditing standards were developed in response to the DOL regulations, which were issued under ERISA specifying the content of the financial statements and audit report. The combination of these authorities results in the auditor having to deal with issues involving plan qualification, proper administration, and even prohibited transactions and fiduciary breach issues. The required schedules as set forth in ERISA and the DOL regulations, are summarized in "The Audit Report's Required Schedules And Disclosures," (link right).
Some of the auditor's inquiries will make more sense after you review the list. Other responsibilities are not so obvious, and are only discernible from a detailed review of generally accepted auditing standards. Suffice it to say, that highly experienced auditors go to great lengths auditing an ERISA plan. The type of plan will in part set the scope of their investigation as will the nature of the assets involved. . If potentially serious problems are revealed (as a result of the accountant's investigation), they must be reported. A plan's auditor normally would consider the following six categories of transactions or financial conditions potentially serious. We list them below in accountant's terms and provide you with an example of how each may present itself in a retirement plan. This is not an all-inclusive list since the specific auditing guidelines are detailed and complex. An auditor may be required to report:
- Errors or irregularities (payment of incorrect benefit amounts, or deposits to wrong accounts), including fraud or embezzlement.
- Illegal acts — any violation of federal or state law that requires a penalty that is material to the plan financial statements (prohibited transactions, failure to comply with the Code, or ERISA breaches).
- Material internal control deficiencies, such as in the operation or financial handling of plan assets (poor plan administration or accounting procedures).
- A "loss contingency" indicating that assets are impaired or that a liability has been incurred (taxes due attributable to plan disqualification or unrelated business taxable income, i.e., UBTI).
- Prohibited transactions, such as significant real estate or other transactions involving the plan and the plan sponsor, the plan administrator, the employer, or the employer organizations if they are jointly involved (e.g., a joint purchase of assets by the plan and the employer or a sale of assets to the employer by the plan, whether direct or indirect).
- year that might significantly affect the usefulness of the financial statements in assessing the plan's present or future ability to pay benefits (sharp drop in value of plan assets or the receivership of an insurance provider).
Auditors are concerned, for example, whether an illegal act has occurred in the administration of the plan causing it to be disqualified. However, reviewing a plan's compliance with the Code also includes determining whether or not the related loss of tax exemption is properly recorded and disclosed on the financial statements as a tax liability. So, from an accountant's perspective, plan compliance is an issue that involves determining whether or not there are taxes or financial statement liabilities involved.
So, How Far Should The Auditor Go?
By reviewing the above list and the side bar on page 3, one might infer that the auditor is required to find any violation of the Code's qualification or discrimination rules that could affect the plan. How far must the auditor really go to determine whether or not the plan is indeed qualified? Does the auditor have to verify all of the work performed by the third party administrator (TPA)? It seems to many plan sponsors that virtually any error or miscalculation could result in disqualification! Although not strictly true, this common belief at least highlights the issues when examining the auditor's role.
To get at the illegality issue, the tax liability issue, and any other concerns, the auditor will have to perform certain tests of participant data. The auditor will also inquire of the plan administrator, and if necessary the plan's tax counsel, as to whether or not the plan is currently designed and being operated in compliance with the requirements of the Code. Then the auditor will turn to the results of certain auditing procedures to determine if there are potential violations of the Code and the Treasury regulations such as the following:
- The discrimination tests performed to see if the plan favored highly compensated employees improperly.
- Tests performed to see if benefits under the plan exceeded the statutory limits.
- Tests to determine whether contributions to the fund were not used exclusively for the benefit of participants.
- Tests performed to determine that a plan does not cover a discriminatory group of employees.
- Tests to determine if employee contributions were timely remitted.
The auditors will not perform all of the tests that the TPA or plan administrator is performing on the plan. They will, however, test and check the procedures and components of the tests to determine that they are being done and that the data being used is reliable and accurate.
What about loss contingencies and transactions? The statements and disclosures that are required to be attached to the financial statements make this a rather obvious area of concern for the auditor. Even if a prohibited transaction would not otherwise result in an excise tax or penalty being assessed on the trust (because the excise tax is typically imposed under the Code on the party transacting with or dealing with the plan), the auditor is still concerned that the prohibited transaction does not constitute a breach of fiduciary duty and does not threaten qualification of the plan. The auditor must also concern himself with whether any amounts are owed to the plan by the party in interest for losses incurred by the plan as a result of the act of self-dealing. These losses could be considered receivables which should be paid to the plan by the party in interest.
Ultimately, the conclusions as to whether a prohibited transaction or other legal issue exists should not, and usually will not, be made by the auditor. Where these issues are raised and conclusions of law need to be derived, the plan auditor should inquire of the plan sponsor and counsel to obtain input or opinions from the plan sponsor's or fiduciary's counsel. If the responses, input or opinions from counsel are not satisfactory to the auditor, the auditor may issue an opinion, which is in some sense "qualified" or "disclaimed." Such a disclaimer or qualification on the auditor's report does not in itself keep the auditor's report from meeting the DOL's reporting and disclosure requirements for the Form 5500. However, it's a sure sign to the IRS and DOL that something is wrong with the plan.
Other Areas Of Concern
Depending upon the type of plan involved, an auditor may be concerned about whether or not the plan is adequately funded, and whether the plan sponsor intends to continue to operate the plan, or whether some termination or partial termination has already occurred which would otherwise affect vesting or forfeitability of benefits.
Further from the mainstream, the auditor may be concerned about whether or not the assets being evaluated are assets that contain some degree of off balance sheet risk. The auditor will, in some circumstances, be entitled to rely on audit reports of other CPAs who have produced opinions for assets, which are interests in other entities whose assets are in turn considered assets of the plan (i.e., "look-through" investments).
The auditor may also have to make some inquiry as to whether or not a plan sponsor itself will be able to continue operating, which, of course, could affect plan funding, plan qualification, and benefits should the plan sponsor be unable to continue in business. This is what the auditors refer to as a "going concern" issue. While this may seem somewhat odd, in the case of a defined benefit plan or an ESOP, where the value of benefits or the likelihood of meeting funding obligations is inextricably tied to the employer's financial health, the auditor will have to make some degree of inquiry to satisfy himself on this issue. The facts of the situation can vary widely. Each situation has to be considered carefully by the auditor as to the appropriateness and the scope of the inquiry under the relevant auditing guidelines.
What Does The Audit Report Mean?
A "clean" audit report (i.e., one that contains no qualifications or disclaimers) means that the intended recipient of the report can rely on it to believe that the financial statements portray the financial position of the plan in accordance with generally accepted accounting principles as of the date of the report. That is, the information about the assets is displayed and presented according to proper accounting procedures, and that the values of those assets are properly listed and the types of assets in the trust are correctly identified and displayed and disclosed for what they are. The audit report does not, however, mean that the values listed are in fact what the assets are worth. It also does not mean that those assets are guaranteed to be there at any point in the future, or that the presentation of the financial statements is relevant for any other day than the day of the report.
An intended recipient of the audit report (i.e., the DOL, the IRS, plan participants, and fiduciaries) has a right to rely on the report, as a whole, and is owed a duty of care by the auditor to have exercised sound professional judgment, and to have met the prevailing professional standard. The duty and professional standard, in turn, means some liability for the accountant if items are not discovered and reported. Due to the complexity of the Accounting Profession's Auditing Standards and the myriad fact patterns that could give rise to liability for accountants in this area, litigation, unfortunately, will be one of the determinants of how far the accountant is required to go in their audit procedures.
To the extent the auditor has not met those standards, and an intended recipient is damaged as a result of relying on those financial statements, there may be some liability by the auditor. For example, what if a participant elects not to take a distribution when immediately available, but elects to defer the distribution on the assurance or belief that the financial statements portray that the plan is sound and properly invested. He may have a cause of action against the auditor if the assets "go south" in the meantime due to a reason the auditor should have discovered in the scope of his audit.
What the audit report means regarding the plan's proper administration is less than clear. There has been a certain tension between the DOL and the accounting profession regarding the scope of the auditor's role and duty and as to what they should look for. The DOL would like to make the auditor responsible for spotting all defects and errors of plan administration. Understandably, the accounting profession has resisted this role, both on the basis of impossibility, as well as for the reason that the accounting profession does not believe the law requires the auditors to assume this role. Suffice it to say, however, that if the auditor has failed to meet the prevailing professional standards in reviewing the proper operation of the plan, liability may arise for the auditor.
So ... What Happens If You Don't Get An Audit Report When You're Supposed To?
If a plan does not comply with ERISA's audit requirements, the DOL may reject the plan's Form 5500. The plan sponsor then has 45 days to submit a satisfactory report to the DOL, including the required audit and financial statements. If the audit report is still not satisfactory, then the DOL has two options:
- The DOL may retain an independent qualified public accountant on behalf of the participants to perform the necessary audit; or
- The DOL may bring a civil suit for whatever relief may be appropriate.
Typically, however, if the required audit opinion is not attached to the annual return, the filing will be rejected and penalties may be accessed. Bear in mind that it is just as important to make sure that the auditor's report is complete in every respect. A defect or missing supporting schedule or explanatory note could cause the audit report to be rejected, which the DOL would assert gives rise to penalties if they choose to assess them. As to what is required in the audit report, see the The Audit Report's Required Schedules And Disclosures at the end of this article.
What Is The Audit Report Worth?
By now you may have surmised that the value of the audit report lies in how much "poking around" the auditor decides to do in the course of their engagement. However, that is only part of the audit's value. The real key is how savvy the auditor is regarding the operation and compliance of ERISA qualified plans. How much do they know about the reporting requirements, plan operations and tax considerations? Analyzing these factors will give you the answer to the question, which is that your audit report should be very valuable. If, in fact, your auditor performs an complete testing on an annual basis to examine not only the transactions that occur in plan assets, but also the compliance testing and administrative aspects of a plan, you should be obtaining a fairly high level of assurance that the audit report stands for the proposition that the plan is generally being operated in compliance with its terms and ERISA. If, however, your auditor has not tested all relevant areas and doesn't understand the plan's reporting requirements, then you may not be able to assign this worth to the audit report.
For these reasons, the depth of your auditor's experience in auditing ERISA based benefit plans should be evaluated. How many ERISA plans does the auditor handle on a year-in and year-out basis? How much time does the auditor spend in continuing education in this area? Is the auditor a member of the AICPA Employee Benefit Plan Quality Audit Center, does the auditor have experience working with the DOL, IRS, Plan administrators and attorneys?
All of these questions are only suggested guidelines. As with any other professional you are engaging on behalf of your company or plan, finding the right one is often times difficult and confusing. You should, however, be able to be guided by references and credentials in this area.
Assuming for the moment you have an auditor who gives you a high level of assurance as to the quality of the audit report, is it worth the price? Some plan sponsors and employers approach the audit report as a necessary evil. They seek to get the lowest price for the engagement because "it is merely an attachment to the Form 5500" and "just raises the cost of operating this type of benefit plan." On the contrary, if an employer understands the potential utility and value of the audit report, it can be a premium well worth paying. As we stated above, it seems that virtually every plan defect can cause disqualification or result in IRS or DOL sanctions these days. Given the fact that IRS and DOL enforcement activity is on the rise, it is something to keep in mind. After all, who else are you going to get to look over the shoulder of the plan administrator, on a regular, periodic basis?
What To Do?
If you are maintaining a plan subject to the audit report requirement of ERISA, you should take the time to evaluate the credentials, experience, and savvy of your independent qualified public accountant. You should also ask yourself whether or not you are getting full value from the audit report. It may be that you are paying too little for not only a necessary service, but also what should be a very valuable service for your plan, your participants and the employer/plan sponsor.
If you are maintaining a plan that is growing in size, but is not yet at the 100 participant level, or maintaining a welfare benefit plan containing significant assets but which is exempt from the audit report due to a DOL exception, you might consider the utility of a plan audit a little earlier than you may otherwise be required to obtain one. For example, initiating the audit procedure the year before you are required to file one with your Form 5500 may be just the preventative step you need to take for your plan to spot problems or defects in your plan and trust well in advance of having to fix or disclose them to the DOL and the IRS.