Up until recently, employee benefit plan audits were a routine matter for CFOs — something you had to have done each year to comply with the Employee Retirement Income Security Act, but nothing to worry about overmuch. Well, not anymore.
With the quality of those audits reportedly on a decade-long decline, faulty audits of employer-sponsored retirement and health-care benefit plans represent “one of the biggest risks to CFOs and companies that is not mentioned out there,” says Adam S. Lilling, a partner of Lilling & Company, a firm that specializes in auditing employee benefit plans.
Increasingly, companies are being exposed to stiff fines. In recent years, the Employee Benefits Security Administration (EBSA) of the U.S. Department of Labor “has significantly stepped up its enforcement of the audit requirement for employee benefit plans,” according to a recent report by the American Institute of Certified Public Accountants.
Once a plan sponsor files its annual benefit plan report, the DOL does an inspection of the audit using the auditor’s work papers, according to Lilling. If the Labor Department finds the audit deficient, it sends a letter to the plan sponsor listing the audit’s deficiencies and notifying the sponsor that it has “45 days to get a new audit done that meets all the standards, or we’re going to start fining you $1,100 a day,” he says. “That’s not a nice letter to get.” And there’s no limit on the number of days as long as a clean audit isn’t being filed.
Often, such letters catch finance chiefs by surprise. “And if [it] comes as a surprise, all of a sudden you have to disrupt everything you’re doing [and] drop it,” Lilling says. “And by then you might have a substantial liability.”
Late last month, EBSA published a study that found that for 2011, 39% of the audits contained major deficiencies — errors that could trigger rejections of the audits — “which put $653 billion and 22.5 million plan participants and beneficiaries at risk,” according to a DOL press release. (The remaining 61% of the 400 audits studied fully complied with professional auditing standards or had only minor deficiencies.)
In contrast to the current study, which was completed in 2014, EBSA’s previous study found in 2004 that 33% of benefit audits were significantly deficient. The 2004 study, which was based on less plan assets and fewer plan participants than the 2014 study, estimated that a total of $410 billion in assets held by plans had not been properly audited.
What’s causing these major blunders?
“There is a clear link between the number of employee benefit plan audits performed by a CPA and the quality of the audit work performed,” according to the current EBSA report, which found “a wide disparity between those CPAs who perform the fewest plan audits and those firms that perform the largest number of plan audits.”
In other words, a lack of benefits experience on the part of the auditor can hurt plan sponsors a great deal. CPAs who did the fewest number of such audits per year had a 76% deficiency rate, while accountants performing the most plan audits had a deficiency rate of only 12%, according to the study.
When auditors lack such specialized experience, they need to be trained, EBSA suggested. “Training specifically targeted at audits of employee benefit plans (EBPs) may contribute to better audit work. As the level of EBP-specific training increased, the percentage of deficient audits decreased,” according to the report.
Generalized audit experience alone isn’t enough for auditors to avoid major deficiencies in their benefit plan audits, according to Lilling. Benefit plan auditors “need to test a few specific employee benefit plan areas that you wouldn’t do in a commercial entity. For example, you wouldn’t need to test participant data,” he says.
Under ERISA, every plan sponsor is required to keep an active census of its employees, including such information as their dates of birth and hire, compensation, and contributions to the plan. Benefit plan auditors need to test the accuracy of that census “because the census is the backbone of the plan,” says Lilling. If the sponsor’s census is inaccurate, “then how can you be sure the plan is operating effectively?”
Another unique activity of benefit plan auditors is testing the timeliness of the sponsor’s remittance of employee contributions to the plan. “When an employer takes money out of someone’s paycheck, it needs to send it to the plan as soon as you can reasonably segregate those assets,” he said.
“But a lot of times employers and plan sponsors don’t know this. And what happens is they might hold participants’ money in their own bank account for a long period of time,” he added. “They’re essentially getting a risk-free loan. So an auditor needs to test for that. That’s something you wouldn’t need to do [for] a regular commercial entity.”