401K Audit Checklist

May 27, 2021   |   Blog

a cartoon megaphone with a speech bubble that says audit

Many employers are realizing the need to offer benefits to retain and recruit top talent. One of the most common benefits that we see used is the 401(k). There are many different styles of 401(k) plans, but all 401(k)s are designed for employees to contribute a portion of their income, for those contributions to be placed as investment vehicles, and for the employees to receive deferred tax treatment on the contributions and any investment gains earned over time.

Department of Labor (DOL) and 401K 

The Department of Labor (DOL) is charged with making sure employees are being treated fairly, and in the case of 401(k) plans, there is an act they designed to govern those plans called the Employee Retirement Income Security Act, or ERISA for short. ERISA gives guidance on how plans are supposed to perform and provides protection for individuals in the plans.

Form 5500

The DOL needed a way to track information in these plans, and in conjunction with the Internal Revenue Service, they created a Form 5500, which every 401(k) will need to file. Some 401(k) plans are small enough to file a Form 5500-EZ. These plans have less than 100 eligible participants and do not require an audit, per ERISA. Plans that have over 100 eligible participants are required to file the Form 5500, which includes a section on the Schedule H about the audit performed for the plan. Once the Form 5500 is completed, the audit is also attached to the return and filed.

When Do You Need a 401K Audit?

If a company that provides a 401k has more than 100 eligible employees, it is likely they have been through an audit or another assurance service. The audit for a 401k plan is similar to that of an audit of a company. There will be an agreement for the services provided, a list of items the auditor will request, testing of documents and other evidence, and a report on the financial statements. The best way to have an efficient and effective audit is to understand, gather, and provide those requests back to the auditor.

From the company’s perspective, the requests can be divided into different areas based on where you might pull the information.  There will be a custodian involved, which is where you will pull financial data; there will be a third-party administrator (TPA), which is where you will pull some compliance information; often a payroll provider, which is where you will pull payroll information; and finally, your human resources department will need to provide some plan documents and employee files.

Documents and Information Needed for a 401K Audit

For the financial information (investment company can help):

  • Investment Statement – this shows all the activity from the beginning of year to end of year. It will likely include detail on each investment vehicle, each participant, and a summary.
  • List of contributions – this shows a list of all contributions to the plan in summary and by participant. It will include the pay date, contribution date, date of receipt by custodian, and the amount of contribution. This item is extremely important because it is used to determine if the company made the contributions timely.
  • List of distributions – this shows a list of all distributions from the 401k plan, and it includes the gross amount, any amount of tax withheld, amounts related to forfeiture, net amount paid, and if the funds were transferred to another qualified plan.
  • Certification of Assets – this is a report from the custodian that certifies the amounts reported in the investment statement are complete and accurate. With this report, the audit can be considered “limited-scope” and the auditor can reduce testing on investments. Without the report, the auditor will need to spend significant time testing the investments.
  • You will need to retrieve the SOC1 report or equivalent. This is a control report usually done by another auditor and represents the controls at the investment company.

For compliance (third-party administrator can help)

  • Draft 5500 – The TPA usually prepares this form as part of their responsibilities in the contract. The auditor will need to compare the information in this form with the investment statement and discuss any differences with the TPA with possible disclosure of the differences.
  • Adoption Agreement – The TPA will have one of these on file, because it is their responsibility to review this document and determine if your plan is in compliance.
  • Summary Plan Description – this is a user-friendly document that explains the plan in everyday language and should be what the eligible participants receive upon becoming eligible.
  • IRS Determination Letter – This is the letter that the IRS sent to your company once you were approved to start the 401(k) plan.
  • Compliance Report – The TPA will run various tests associated with the 401(k) options that you have. Some of those tests are called ACP, ADP, and Top-Heavy testing. They will also run tests to see if anyone gave over the limits.
  • You will need to retrieve the SOC1 report or equivalent. This is a control report usually done by another auditor and represents the controls at the third-party administrator.

Payroll information (from your payroll provider or human resources):

  • W-2 – W-2s will help provide evidence for tested participants’ salary and total contribution for the year.
  • Payroll Registers – Often times, it is easier to test 1 or 2 contributions at a point in time, rather than the whole year to determine if the plan is operating correctly. Having the ability to provide any payroll registers requested will help. Payroll registers usually include payroll information related to the time period tested, like amounts paid, withheld, and net pay.
  • If using a payroll service provider, you will need to retrieve the SOC1 report or equivalent. This is a control report usually done by another auditor and represents the controls at the payroll company.

Employee information (from your human resources):

  • Enrollment Form – This form shows the selected participants’ payroll deferral percentage and the options they have chosen in the plan.
  • Employment Form – This will be the form the employee completed that shows their demographic information and their hire date.
  • Termination Form – For employees that were terminated and received distributions, these forms help auditors test the 

Document Your Controls 

If not already done, as you gather these items, document the procedures you have over what happens when someone is employed, becomes eligible, participates in the plan, asks for a withdrawal or terminates from the plan. Some questions to answer in this control document are:

  • How do I know we are withholding the right amount from the employee for the 401k contribution?
  • How do I know we are matching the right amount?
  • How do I update the system with a 401k contribution % or dollar amount?
  • When someone became eligible how do I know they received a 401k packet?
  • How are the investment options we chose performing?
  • How do I make a payment of all the employees’ withholding and the match to the investment company? And how do I check to see if it is right?
  • Are employee personnel files secured for restricted access?

Knowing how to access these items above and provide them to the auditor will lead to a successful audit.

Contact a 401K Auditor

At Marshall Jones, we know that employee benefit plans are important because it is how you take care of your employees. It also represents many fiscal and regulatory responsibilities for you, and we hope to help relieve the stress related to the auditing portion of those responsibilities. Contact Marshall Jones today to start working with our financial professionals.