Posts

401K Audit Checklist

Many employers are realizing the need to offer benefits to retain and recruit top talent. One of the most common benefits that we see used is the 401(k). There are many different styles of 401(k) plans, but all 401(k)s are designed for employees to contribute a portion of their income, for those contributions to be placed as investment vehicles, and for the employees to receive deferred tax treatment on the contributions and any investment gains earned over time.

Department of Labor (DOL) and 401K 

The Department of Labor (DOL) is charged with making sure employees are being treated fairly, and in the case of 401(k) plans, there is an act they designed to govern those plans called the Employee Retirement Income Security Act, or ERISA for short. ERISA gives guidance on how plans are supposed to perform and provides protection for individuals in the plans.

Form 5500

The DOL needed a way to track information in these plans, and in conjunction with the Internal Revenue Service, they created a Form 5500, which every 401(k) will need to file. Some 401(k) plans are small enough to file a Form 5500-EZ. These plans have less than 100 eligible participants and do not require an audit, per ERISA. Plans that have over 100 eligible participants are required to file the Form 5500, which includes a section on the Schedule H about the audit performed for the plan. Once the Form 5500 is completed, the audit is also attached to the return and filed.

When Do You Need a 401K Audit?

If a company that provides a 401k has more than 100 eligible employees, it is likely they have been through an audit or another assurance service. The audit for a 401k plan is similar to that of an audit of a company. There will be an agreement for the services provided, a list of items the auditor will request, testing of documents and other evidence, and a report on the financial statements. The best way to have an efficient and effective audit is to understand, gather, and provide those requests back to the auditor.

From the company’s perspective, the requests can be divided into different areas based on where you might pull the information.  There will be a custodian involved, which is where you will pull financial data; there will be a third-party administrator (TPA), which is where you will pull some compliance information; often a payroll provider, which is where you will pull payroll information; and finally, your human resources department will need to provide some plan documents and employee files.

Documents and Information Needed for a 401K Audit

For the financial information (investment company can help):

  • Investment Statement – this shows all the activity from the beginning of year to end of year. It will likely include detail on each investment vehicle, each participant, and a summary.
  • List of contributions – this shows a list of all contributions to the plan in summary and by participant. It will include the pay date, contribution date, date of receipt by custodian, and the amount of contribution. This item is extremely important because it is used to determine if the company made the contributions timely.
  • List of distributions – this shows a list of all distributions from the 401k plan, and it includes the gross amount, any amount of tax withheld, amounts related to forfeiture, net amount paid, and if the funds were transferred to another qualified plan.
  • Certification of Assets – this is a report from the custodian that certifies the amounts reported in the investment statement are complete and accurate. With this report, the audit can be considered “limited-scope” and the auditor can reduce testing on investments. Without the report, the auditor will need to spend significant time testing the investments.
  • You will need to retrieve the SOC1 report or equivalent. This is a control report usually done by another auditor and represents the controls at the investment company.

For compliance (third-party administrator can help)

  • Draft 5500 – The TPA usually prepares this form as part of their responsibilities in the contract. The auditor will need to compare the information in this form with the investment statement and discuss any differences with the TPA with possible disclosure of the differences.
  • Adoption Agreement – The TPA will have one of these on file, because it is their responsibility to review this document and determine if your plan is in compliance.
  • Summary Plan Description – this is a user-friendly document that explains the plan in everyday language and should be what the eligible participants receive upon becoming eligible.
  • IRS Determination Letter – This is the letter that the IRS sent to your company once you were approved to start the 401(k) plan.
  • Compliance Report – The TPA will run various tests associated with the 401(k) options that you have. Some of those tests are called ACP, ADP, and Top-Heavy testing. They will also run tests to see if anyone gave over the limits.
  • You will need to retrieve the SOC1 report or equivalent. This is a control report usually done by another auditor and represents the controls at the third-party administrator.

Payroll information (from your payroll provider or human resources):

  • W-2 – W-2s will help provide evidence for tested participants’ salary and total contribution for the year.
  • Payroll Registers – Often times, it is easier to test 1 or 2 contributions at a point in time, rather than the whole year to determine if the plan is operating correctly. Having the ability to provide any payroll registers requested will help. Payroll registers usually include payroll information related to the time period tested, like amounts paid, withheld, and net pay.
  • If using a payroll service provider, you will need to retrieve the SOC1 report or equivalent. This is a control report usually done by another auditor and represents the controls at the payroll company.

Employee information (from your human resources):

  • Enrollment Form – This form shows the selected participants’ payroll deferral percentage and the options they have chosen in the plan.
  • Employment Form – This will be the form the employee completed that shows their demographic information and their hire date.
  • Termination Form – For employees that were terminated and received distributions, these forms help auditors test the 

Document Your Controls 

If not already done, as you gather these items, document the procedures you have over what happens when someone is employed, becomes eligible, participates in the plan, asks for a withdrawal or terminates from the plan. Some questions to answer in this control document are:

  • How do I know we are withholding the right amount from the employee for the 401k contribution?
  • How do I know we are matching the right amount?
  • How do I update the system with a 401k contribution % or dollar amount?
  • When someone became eligible how do I know they received a 401k packet?
  • How are the investment options we chose performing?
  • How do I make a payment of all the employees’ withholding and the match to the investment company? And how do I check to see if it is right?
  • Are employee personnel files secured for restricted access?

Knowing how to access these items above and provide them to the auditor will lead to a successful audit.

Contact a 401K Auditor

At Marshall Jones, we know that employee benefit plans are important because it is how you take care of your employees. It also represents many fiscal and regulatory responsibilities for you, and we hope to help relieve the stress related to the auditing portion of those responsibilities. Contact Marshall Jones today to start working with our financial professionals.

audit-assurance-CTA
Here is what you need to know to prepare for an audit in Atlanta

Preparing for an Audit? Here’s What You Need to Know

The idea of an audit can intimidate many business owners. However, there are several different types of audits, and many are designed to improve your business so you can operate more efficiently in the future. Read on to learn more about what each classification of audit is, as well as tips for how to prepare for an audit.

The Different Types of Government Audits

The first step when preparing for a company audit is to identify and understand which type of audit you are dealing with. There are 14 main types of audits, each one serving a unique purpose. Once you do this, you can then take the necessary steps to prepare for the audit and incorporate the results into your daily operations.

1. External Audit

External audits are performed by external auditors who have no stake in your company. They are ideal for businesses of any size that want to get a clear look at their company and its processes without bias. An external, expert opinion is often one of the best resources for difficult issues your company may struggle with, like finance or tax compliance. Additionally, external audits lend your business more credibility with financial stakeholders.

As you prepare for an external audit, take the time to designate someone to be the liaison between your company and the external auditor. A single point of contact will help both you and the auditor stay organized. This person will be responsible for compiling reports and communicating with the auditor about questions, findings and more. 

2. Internal Audit

An internal audit is an audit your company handles itself, checking that each branch of the company is following the proper procedures and internal policies. The goal of an internal audit is to strengthen the organization and identify areas for improvement. To prepare for an internal audit, sit down with all areas of management, and compile a thorough list of the areas you want your internal audit to focus on.

3. Forensic Audit

A forensic audit is usually required at the request of the court, and its findings are used during legal proceedings to investigate fraud or misappropriation. To stay on top of a forensic audit, make sure your company keeps detailed records of all financial transactions, including dated receipts. Having a clear picture of your financial transactions will help you avoid surprises during a forensic audit.

4. Statutory Audit

Statutory audits are a legally required review of a company’s finances and financial procedures. A statutory audit can occur on a federal, state or local level. Because there are differences between local standards and national standards, do not use the results of a statutory audit as your primary source of information about your company’s standings. As you prepare for a statutory audit, make sure you submit all required documentation requested by the initiator on time to avoid delay.

5. Financial Audit

A financial audit is conducted by external auditors and carefully analyzes your company’s financial statements, processes and position. Because financial audits are typically an annual audit, make sure you close out your company’s fiscal year before proceeding. This way, you get an accurate report of your company’s data.

6. Tax Audit

Tax audits are conducted by the IRS and are one of the most recognized types of government audits. Your company could experience a tax audit for several reasons, including non-compliance, or it could just be a scheduled event by the IRS. To adequately prepare for a tax audit, make sure you know the scope and purpose of the audit. If you know why your company is being audited, you can prepare your answers and have the appropriate financial information ready before the proceedings begin.

7. Information System Audit 

An Information System audit is also known as an IT audit. It is an audit of your company’s IT infrastructure, operations and related policies. For a productive audit experience, create a list of all controls and safeguards currently in place. List the applications, services, software and programs your company uses, as well as information needed to access them. You should also take the time to compile a list of all known IT gaps, so your IT auditor has a place to start and focus their efforts. 

8. Compliance Audit

A compliance audit ensures your business is compliant with a given set of standards or regulations. Compliance audits are essential, as they keep your company running smoothly and according to all laws. To avoid surprises, conduct your own internal compliance audit before the real thing so you can identify and address weak spots ahead of time. At the very least, you can learn something new to help your business run better. 

9. Value for Money Audit

A Value for Money audit is typically used by non-profit organizations when a traditional for-profit analysis of an organization’s finances cannot be made. The purpose of this classification of audit is to analyze your organizations’ financial effectiveness and determine whether your designated funds are correctly utilized. Before a Value for Money audit, make sure you have a clear understanding of your organization’s money in and money out, as well as the value of all goods and services purchased.

10. Review Financial Statements

A review of financial statements is less expensive than a full audit and smaller in scope.  A review of financial statements is useful for analyzing financial information and checking for accountability, accuracy and legality. Many organizations and businesses use a review of financial statements when they do not have financial experts on staff as a way to stay on top of their financial proceedings.

Because a financial review is smaller in scope than a full audit, it does offer less assurance. For this reason, make sure you check with all lenders or financial investors with a stake in your organization before electing to have a review of financial statements, as some may require full audits instead.

11. Agreed Upon Procedures (AUP)

An Agreed Upon Procedure (AUP) is when a company hires an external auditor to audit a specific part of their business. Companies may initiate AUPs if a part of their organizational structure is not performing up to standards or as a way to identify where they should allocate time or funds. Once you receive the results of an AUP, it is up to you to make sense of the findings and apply them to your practice. To do so, you may need to consult an outside expert. Keep this potential cost in mind as you plan and budget your AUP. 

12. Integrated Audit

An integrated audit combines an external financial audit with an internal audit of your company’s operations. It is a way to identify discrepancies before between financial reporting and financial statements. Integrated audits take a closer look at how each branch of your company interplays with one another. To prepare for an integrated audit, make sure each department of your company’s management is aware of the audit, so they can help implement internal changes, and provide the external auditor with all necessary information.

13. Special Audit

A special audit looks at one specific area of a company’s operation. It may be initiated by an outside agency, like the government, or from inside the company. To get the most out of a special audit, make sure all management has a clear understanding of the purpose and goal of a special audit. This will help your staff feel at ease and will give everyone a clear direction once the results of the special audit are returned to you. 

14. Operational Audit

Companies initiate operational audits to get a fresh perspective on their company’s processes and structure. Operational audits are excellent for identifying weaknesses and strengths, as well as introducing new ideas to help your company thrive. Before conducting an operational audit, determine the scope of the review and create a list of goals. For the most productive audit experience, work with your auditor to identify the areas of concern you want the audit to focus on.

Let Marshall Jones help your company prepare for an audit

Let Marshall Jones Help Your Company Prepare for an Audit

At Marshall Jones, our certified public accountants and advisors perform audits according to auditing standards generally accepted in the U.S. and standards that apply to financial audits in government auditing standards. We use a risk-based audit approach to comply with all standards and objectives. Contact us today for your audit needs.