The Office of the Chief Accountant (OCA) in the Employee Benefit Security Administration (EBSA) of the Department of Labor (DOL) has released a 2023 Audit Quality Study covering the quality of audits being performed by independent qualified public accountants (IQPAs). This is the fourth study to be performed with prior studies being performed in 2015, 2004, and 1997. The 2023 Audit Quality Study’s objective was primarily to “assess whether the level and quality of audit work being performed by CPAs has improved since OCA’s previous study in 2015.” The 2015 Audit Quality Study showed a 39% deficiency rate with quality correlating to the number of plan audits an IQPA performed. The 2015 study results were concerning and caused a number of changes to target these quality issues.
Background
The Employee Benefit Retirement Security Act (ERISA) of 1974 sets the standards for retirement and health plans to protect participants’ and beneficiaries’ benefits. The Department of Labor (DOL), Internal Revenue Service (IRS), and Pension Benefit Guaranty Corporation (PBGC) are charged with administering certain requirements of the legislation.
Among the three agencies charged with administering ERISA, the DOL is responsible for reporting and oversight along with fiduciary provisions contained in Title 1 of ERISA. Title 1 specifically provides certain reporting requirements generally for those plans that cover 100 or more participants at the beginning of the year, including a requirement to get an audit of the plan’s financial statements to ensure they are presented fairly in accordance with generally accepted accounting principles (GAAP). The DOL heavily relies on the work of IQPAs to ensure retirement and health benefits are protected because of the inherent limited capacity to oversee the billions of dollars of assets in these plans.
Information on the 2023 Study
The 2023 study reviewed the 2020 Form 5500 Annual Return/Report for 307 plans. The study indicated that the purpose of selecting the 2020 plan year was to get an audit quality baseline prior to the implementation of Statement of Auditing Standards (SAS) 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA. The timing of the Audit Quality Study is important to note since the new reporting standards specifically designed to help improve audit quality have not been implemented and are not factored into the 2023 Audit Quality Study. We should expect to see at least two results from SAS 136: 1. more consolidation so that fewer firms will continue to audit more plans, and 2. improved quality with the application of the new standards. However, since the standards hadn’t taken effect as of the date of the study, the DOL wanted to see what the standard of quality prior to implementation was and how it has improved since the prior study. The 2023 study structured the sample into two categories: “Simple” plan audits and “Complex” plan audits were specifically noted to assess whether there is any correlation between audit quality and the type of plan engagement. Simple plan audits included 401(k) and 403(b) plans because of the less complex nature of these plans. On the other hand, because of the complex nature of compliance, complex plan audits included defined benefit plans, Employee Stock Ownership Plans, and health and welfare plans.
The Landscape
The population of CPA firms and number of audits performed were noted in the 2023 Audit Quality Study, as follows:
| Number of Plans Audited | Number of CPA Firms | Number of Audits Performed |
| 1-2 | 1,729 | 2,253 |
| 3-5 | 860 | 3,314 |
| 6-24 | 1,156 | 13,556 |
| 25-99 | 422 | 19,758 |
| 100+ | 133 | 47,982 |
| Total | 4,300 | 86,863 |
This compares to the population of CPA firms and number of audits performed noted in the 2015 Audit Quality Study, as follows:
| Number of Plans Audited | Number of CPA Firms | Number of Audits Performed |
| 1-2 | 3,684 | 4,891 |
| 3-5 | 1,519 | 5,773 |
| 6-24 | 1,603 | 17,747 |
| 25-99 | 433 | 18,910 |
| 100+ | 81 | 33,841 |
| Total | 7,330 | 81,162 |
Per the 2023 Audit Quality Study, the number of plan audits increased moderately at 7% since 2011; however, the number of CPA firms performing these audits sharply decreased by ~40%.
Results
The 2023 Audit Quality Study identified a 30% deficiency rate. That rate means that 1 in 3 audits had at least one or more unacceptable major deficiencies relevant to generally accepted auditing standards (GAAS). There was a significant decrease in the overall deficiency rate since 2015 (39%), but there is still a major concern of the OCA that nearly 1/3rd of benefit plans fails to meet professional standards which demonstrates a “lack of adequate oversight over benefit plan assets by the auditors hired to perform this work.”
| Audit Quality Study | 1989 | 1997 | 2004 | 2015 | 2023 |
| Audit with GAAS Deficiencies | 23% | 19% | 33% | 39% | 30% |
| Strata | Form Year 2020 | Form Year 2011 | ||
| Audits Reviewed | Audits with Deficiencies | Audits Reviewed | Audits with Deficiencies | |
| 1-2 Plans | 20 | 70.0% | 95 | 75.8% |
| 3-5 Plans | 23 | 51.2% | 95 | 68.4% |
| 6-24 Plans | 54 | 50.1% | 95 | 67.4% |
| 25-99 Plans | 74 | 38.0% | 65 | 41.5% |
| 100+ Plans | 137 | 17.0% | 50 | 12.0% |
| Total | 308 | 30% | 400 | 39% |
EBSA Conclusions
The 2023 Audit Quality Study has noted key findings and conclusions of reviewing the 307 plan audits.
- Audit Quality is Improving, but it is Still Lacking – A 30% overall deficiency rate for plan audits is a statistically significant improvement in the overall audit quality of employee benefit plan audits. However, as noted above, a 30% deficiency rate is still not acceptable. More needs to be done to continue to improve the quality of employee benefit plan audits.
- Noted Decrease in Audit Quality of 100+ Audit Strata – There was a noted 5%-point decrease in audit quality in the 100+ audit strata which is troubling to the OCA. What may be happening is that with smaller plans getting out of the EBP audit space the larger firms are taking on more of this work. However, audit firms are continuing to struggle with staffing issues, which may be putting pressure on bigger firms. We have noticed many more requests for audits, but staffing continues to be a big concern. This may be part of the reason for a declining audit quality in firms that audit 100 plans or more.
- The Number of Audits Performed Means Greater Quality – Consistent with the results in the prior study, generally the smaller the CPA firm’s employee benefit plan audit practice, the greater incidence of audit deficiencies.
- CPAs auditing fewer than 25 plans had a significantly higher deficiency rate than those reviewing 25+ plans.
- CPAs auditing fewer than 100 plans had a significantly higher deficiency rate than those reviewing 100+ plans.
- EBP-specific Auditing Areas Still Have the Highest Deficiency Rates – Audit areas that are unique to employee benefit plans such as contributions, benefit payments, and participant data continue to lead the list of audit deficiencies. What stood out to me as some hidden concerns are the areas of Internal Controls (5.90% deficiency rate) and Planning and Supervision (3.30% deficiency rate) which are lower than the top three but could be important matters as we move forward.
- Participant Data (15.6% deficiency rate)
- Contributions Received and Receivable (15.3% deficiency rate)
- Benefit Payments (9.4% deficiency rate)
- Peer Review Not Meeting Objectives – The Practice Monitoring and Peer Review process established by the AICPA and administered by sponsoring state CPA societies is still ineffective in identifying deficient employee benefit plan audit work and ensuring compliance with professional standards, despite numerous changes made to the peer review process. This may be an important note. As you’ll see below there are some requested changes to legislation and processes that might come forth due to this assessment. I suspect the AICPA will take the recommendations regarding the peer review process very seriously and will implement them quickly.
- Some benefit to AICPA EBPAQC Membership – Audits performed by members of the AICPA’s Employee Benefit Plan Audit Quality Center had a significantly lower deficiency rate than audits performed by non-Quality Center members. However, it doesn’t appear to be a key indicator of quality as it was noted that 80% of the deficient audits were performed by EBPAQC members.
Legislative Changes
The 2023 Audit Quality Study mentioned specific changes that would help with audit quality. The three changes are as follows:
- The EBSA should seek changes to ERISA, providing EBSA with the authority over registration, suspension, and debarment of employee benefit plan auditors.
- The EBSA should be provided with the ability to levy civil penalties against auditors performing substandard audits, and
- The EBSA should seek repeal of the limited-scope audit provision under ERISA.
I still think the bad-rap that previously termed limited-scope audits have gained is unfounded as the limited-scope audit provision is adequate if appropriately applied. Inexperienced auditors who inappropriately rely on this provision causes the issue. All auditors can perform investment testing, as required in a full-scope audit, but that won’t necessarily improve audit quality with respect to the deficiencies found in the study. Small firm practitioners need to understand the limited-scope provision and its limited effect on the required audit procedures.
Audit Quality Study Enforcement Recommendations
Based on the results, the final enforcement recommendations were noted as follows:
- Case Targeting Strategies
- The EBSA should continue to focus on CPA firms with smaller employee benefit plan audit practices that audit plans with large amounts of plan assets, and
- The EBSA should annually increase the number of large benefit plan practice CPA firms that are reviewed as part of EBSA’s CPA Firm Inspection activities.
- State Licensing Boards
- The EBSA should enhance the investigation and sanctioning process for CPAs who perform significantly deficient audit work;
- encourage state boards of accountancy to accept the results of investigations performed by the AICPA’s Professional Ethics Division; and
- use those results in disciplining CPAs (at the state licensing board level).
- AICPA Peer Review Program
- The EBSA should work with the AICPA to make the peer review process more transparent by disclosing when peer reviews have identified deficiencies in the firm’s benefit plan audits.
- The EBSA should encourage the AICPA to require firms who perform benefit plan audits to receive, in addition to their required system review, an “engagement” review covering a sample of their benefit plan engagements.
- Outreach
- EBSA should work with NASBA to encourage state boards to require specific licensing requirements for CPAs who perform employee benefit plan audits. This would include specific training and experience in auditing employee benefit plans.
- EBSA should expand its outreach activities to include plan administrator organizations to explain the importance of hiring competent CPAs to plan administrators and those with the responsibility for hiring plan auditors.
- EBSA should encourage state societies of CPAS to create employee benefit plan audit training programs if they do not already have one.
These recommendations appear to be practical, for the most part, and might be enacted sooner rather than later. The AICPA does not like to see that the initiatives in its purview are not leading to significant improvements in audit quality. But again, the timing of this study is important as it doesn’t consider the recent auditing standard changes.
This Audit Quality Study should be a first step in analyzing how well the new auditing standards helped improve audit quality. I would suspect that we may see another Audit Quality Study to analyze the impact of SAS 136. From there I think we may see continued improvement in audit quality. However, in the meantime, employee benefit plan auditors will need to continue to allocate sufficient resources to ensure benefit plan audits are being performed according to AICPA standards.
