Death by a thousand cuts. That’s what initial 401(k) and 403(b) audit clients fear their first financial statement audit will feel like. Fear of the unknown leads the human mind to worst case scenarios.
Could I fail the audit? Sure, anything is possible.
Will I fail my first audit? Not likely.
Even if the audit finds an operational failure, the IRS correction program likely offers a pre-approved solution through its Employee Plan Compliance Resolution System (EPCRS). Even if the correction needed is material to the financial statements, accruing the receivable or the payable, as applicable, will mean that the financial statements are still complete and accurate in all material respects. The computations could be complicated, time-consuming, and sometimes even costly, but a simple accrual for an outstanding correction means the audit still passes. The correction should then be completed expeditiously, sometimes with the help of an ERISA attorney.
In some cases, the EPCRS self-correction program does not offer a pre-approved self-correction for an operational error, or the client would like to execute a correction different from the pre-approved options. In those cases, a Voluntary Compliance Program (VCP) application can be submitted to the IRS for approval. There is a fee for submitting a VCP application, but IRS approval brings certainty and peace of mind.
To appease the fear of the unknown for initial audit clients, I have summarized the most typical audit findings we encounter in our audit practice. Knowing that the dreaded potential errors are actually quite common should turn the fear that the audit will feel like a death by a thousand cuts into just fear of being pecked to death by a duck…not so scary at all.
Eligible Compensation
Matters Identified: During our audit, we noted that the compensation used for calculating employee deferrals is not consistent with the definition of eligible compensation stated in the plan document. Certain types of wages were excluded from compensation when the plan document states these are eligible wages and/or certain types of wages were included in compensation when the plan document states these are not eligible wages. We discussed it with plan management, and they agreed.
Correction Required: Plan management must arrange for the calculation of and deposit of corrective contributions to the affected participants consistent with EPCRS. The correction options include depositing a Qualified Nonelective Contributions (QNEC) for employees’ missed deferral opportunity, missed match or profit-sharing contribution, as applicable, and related lost earnings. Excess contributions could be returned to the participant or forfeited, unless legal counsel indicates that the plan can be amended to increase contributions retroactively. We will request proof of correction when performing next year’s audit.
Recommendation: We recommend plan management improve its internal controls and processes regarding the calculation of eligible compensation and provide the necessary training for the people responsible for setting up payroll and new payroll codes.
Auto Enrollment of Newly Eligible Employees
Matters Identified: During our audit, we noted that not all newly eligible employees were automatically enrolled into the Plan as required by the plan document, unless they specifically opted out. No written documentation of opt-outs has been obtained and therefore, we could not corroborate that the selected participants were not supposed to be automatically enrolled without alternative audit procedures. Written documentation of opt-outs from automatic enrollment is a recommended best practice.
Correction Required: Plan management needs to calculate and deposit corrective contributions to participants who were not automatically enrolled who had not opted out, including Qualified Nonelective Contributions (QNEC) for employee missed deferral opportunity, missed match, if applicable, and related lost earnings. We will request proof of correction when performing next year’s audit.
Recommendation: We recommend plan management put policies and procedures in place to maintain adequate documentation that supports each newly eligible employees is either automatically enrolled into the plan timely, or that the employee has specifically opted out of participation.
No Documentation of Notification to Newly Eligible Employees
Matters Identified: During our audit, we noted that plan management did not maintain documentation to support that all newly eligible employees were timely notified of their ability to participate in the Plan. Alternative procedures were needed to corroborate that some sampled eligible employees who are not participating had opted out.
Correction Required: Plan management needs to calculate and deposit corrective contributions to participants who were inappropriately excluded, including Qualified Nonelective Contributions (QNEC) for employee missed deferral opportunity, missed match, if applicable, and related lost earnings. We will request proof of correction when performing next year’s audit.
Recommendation: We recommend Plan management put policies and procedures in place to maintain adequate documentation that supports all eligible employees have been invited to participate in the Plan in a timely manner.
Documentation of Employee Elections
Matters Identified: During our audit, we noted that plan management did not maintain documentation of enrollment and change elections as entered in the payroll system either in paper form or as an electronic report of online elections. Therefore, alternative audit procedures were used to obtain audit evidence for contribution testing. Signed enrollment and change forms, or records of online elections, are important in case of any disagreement or allegations by employees that their contributions were not properly calculated. The absence of such evidence could expose the plan sponsor to significant financial losses in the way of corrections, fines, and penalties.
Recommendation: We recommend that plan management implement policies and procedures to ensure all signed enrollment and change forms are maintained or that an online election process is implemented through the plan webstation to support the deductions in the payroll system.
Participant Deferral Changes
Matters Identified: During our audit, we noted there are insufficient controls in place to ensure that changes to employee deferral elections are timely and accurately updated in the payroll system. We noted certain employee deferrals deducted and remitted to the Plan did not match the employee deferral election dates.
Correction Required: Plan management needs to calculate and deposit corrective contributions to the affected participants, including Qualified Nonelective Contributions (QNEC) for employee missed deferral opportunity, missed match, if applicable, and related lost earning AND/OR Plan management needs to calculate and distribute employee excess elective deferrals for the affected participants. We will request proof of correction when performing next year’s audit.
Recommendation: We recommend Plan management improve its internal controls and processes over the review of employee deferral elections and make sure the deferral amounts are calculated using the proper percentages.
Early or Late Entry into the Plan
Matters Identified: During our audit, we noted there are insufficient controls in place to properly identify participant eligibility dates and the related entry dates as defined by plan provisions. We noted that certain employees contributed to the Plan prior to or after their calculated entry date. We discussed it with plan management, and they agreed.
Correction Required: Plan management must collaborate with the plan’s service providers to execute a correction consistent with EPCRS. The correction options for early entry into the plan include the distribution of ineligible contributions or a retroactive plan amendment to match the plan provisions to the operations. Corrective contributions plus interest must be deposited to participants who were not entered timely after making their election or who were not automatically enrolled timely, if required by plan provisions. We will request proof of correction when performing next year’s audit.
Recommendation: We recommend plan management implement policies and procedures to ensure accurate participant demographic data is tracked to determine proper eligibility dates and entry dates based on plan provisions. We also recommend that plan management complete a historical review of plan entry dates and initial contributions by employees to ensure no other missed entry dates require correction.
Timely Remittance of Contributions
Matters Identified: During our audit, we noted there are insufficient controls in place to ensure the employer segregates all employee contributions and loan repayments from its general assets as soon as administratively feasible, as required by the Department of Labor (DOL). We noted employee contributions and loan repayments for certain paycheck dates during the audit year that took longer to remit to the Plan compared to remaining paycheck dates during the audit year. We discussed it with plan management, and they agreed.
Correction Required: Plan management needs to calculate and deposit lost earnings to the affected participant accounts. Alternatively, the third-party administrator or the audit firm can assist with the interest calculation for an additional fee.
Recommendation: We recommend plan management implement policies and procedures to ensure consistent and timely remittance of employee contributions and loan repayments.
Forfeiture Balances
Matters Identified: During our audit, we found that there are no procedural controls to ensure forfeited participant accounts are used by the end of the following year after the forfeitures are generated pursuant to plan provisions. The Internal Revenue Code (IRC) requires that these forfeited accounts be used pursuant to plan provisions. Forfeitures used during the audit year are less than the beginning balance of forfeitures available.
Recommendation: We recommend the Plan use or reallocate these forfeited accounts as soon as possible and that plan management put in place a procedural control to monitor that all forfeitures created are used pursuant to plan provisions.
Incorrect Employer Match Calculation
Matters Identified: During our audit, we noted that the match is calculated for each individual payroll, but the plan required an annual computation. Participants who did not contribute evenly throughout the year may be entitled to a true-up match contribution. In addition to the failure to compute the required true-up match, some employees in our sample received an inaccurate match amount for the audit plan year.
Correction Required: Corrective contributions must be deposited to the affected participants’ accounts for any missed match and related lost earnings, or any excess match contributions plus earnings should be forfeited from the affected participants’ accounts.
Recommendation: We recommend Plan management put policies and procedures in place to ensure accurate calculation of employer matching contributions and review by someone other than the preparer.
Contribution Sources are Incorrect
Matters Identified: During our audit, we noted there are insufficient controls in place to ensure contributions are remitted to the Plan with accurate source type, including pre-tax deferrals, Roth deferrals, rollovers, employer match, employer profit sharing, employer safe harbor nonelective, and QNEC. Different source codes have different distribution restrictions and different tax effects on the participants when they receive the funds.
Recommendation: We recommend plan management identify all source corrections needed and request adjustments be made in the recordkeeping system. Additionally, plan management must improve its policies and procedures to ensure contributions are remitted to the Plan with accurate source type. We will request proof of correction when performing next year’s audit.
Inconsistent Demographic Data Across Providers
Matters Identified: During our audit, we noted discrepancies between the employee data in the recordkeeping system and the payroll system. For example,
- the payroll totals do not agree to the totals on the census data submitted for the discrimination tests.
- hire dates, termination dates, and hours worked are missing or inconsistent, which affects the ability to properly identify newly eligible participants, compute eligible compensation, and to compute distribution amounts accurately.
Alternative procedures were used to determine whether the discrepancies affected plan operations such as the determination of eligibility for contributions, distributions, and the results of the discrimination testing.
It is important that employee data in the recordkeeping system be accurate since this is the data used for plan operations and to ensure the plan’s compliance with laws and regulations.
Recommendation: We recommend plan management put policies and procedures in place to ensure employee data captured in the recordkeeping system is reviewed for accuracy and relevance for proper plan operations. Annually, the column totals on the census report should be reconciled to the original-source payroll documents before submission to the third-party administrator or the bundled provider, as applicable.
Incorrect Vesting Computations
Matters Identified: During our distribution test, we identified several participants who received an incorrect distribution amount because vesting and forfeitures were calculated incorrectly.
Corrections Available Under EPCRS-IRS Revenue Procedure 2021-30: Overpayments to terminated participants amounting to $250 or less do not require correction.
For participants who received distribution overpayments, the Plan can be retroactively amended in a nondiscriminatory manner to align the plan provisions with the plan operations.
For participants who received distribution underpayments, erroneously forfeited amounts should be reinstated to the affected participants’ accounts and subsequently distributed based on each participant’s original distribution instructions.
Recommendation: We recommend plan management complete a historical review of participant distributions to ensure that there are no other vesting and forfeitures calculated incorrectly that would require correction. Management should also review the accumulated vesting for active participants to prevent additional erroneous distributions in the future. If the source of the error in the vesting computations is identified, procedures should be established to ensure that accurate information is used to compute the distributable amounts in the future.
We will request proof of correction when performing next year’s audit.
Incorrect Tax Withheld on Distributions
Matters Identified: During our distribution test, we noted certain participants had less than the required federal tax withheld, but no source documentation was available to support that the lower tax rate withheld was at the direction of the participant, if permissible.
Recommendation: We recommend Plan management consult with the plan’s service provider and implement policies and procedures to consistently apply the required federal withholdings to all future distributions.
Mandatory Distributions and Locating Missing Participants
Matters Identified: During our audit, we noted terminated participant accounts that do not exceed $5,000 at year-end.
There is no procedural control in place to ensure that mandatory distributions are processed following severance of employment for participants with an account balance of $5,000 or less, pursuant to Plan provisions.
Recommendation: We recommend plan management consult with its service provider to develop a procedural control to periodically (at least annually) review the accounts of terminated employees and process mandatory distributions pursuant to plan provisions.
If mandatory distributions cannot be made because participants are unresponsive or cannot be located, the plan sponsor should collaborate with the third party administrator or the recordkeeper to demonstrate compliance with DOL’s missing participants guidance regarding efforts made to locate missing participants or the selection of a rollover distribution option for the benefit of missing participants.
Untimely Loan Repayment Setup
Matters Identified: During our audit, we noted certain participant loans did not have repayments set up to begin in a timely manner.
Recommendation: We recommend plan management request and review a listing of issued loans on a quarterly basis and agree this information to the payroll system to ensure that loan repayments are being processed on a timely basis.
Loan Repayments Deducted Past Payoff Date
Matters Identified: During our audit, we found that there are insufficient controls to ensure loan repayment deductions are stopped once the loan is paid in full. We noted certain loans did not have loan repayment deductions turned off in the payroll system in a timely manner. This resulted in loan repayment payroll deductions that were in excess of the participant’s loan liability.
Correction Required: Plan management must return excess loan repayments deducted to the participant. We will request proof of correction when performing next year’s audit.
Recommendation: We recommend Plan management implement policies and procedures to ensure loan repayment deductions to be stopped once the loan is paid in full.
Delinquent Participant Loans
Matters Identified: During our audit, we noted there are inadequate controls to ensure delinquent participant loans are being monitored and deemed distributed at the close of the grace period specified in the written loan policy. If delinquent participant loans are not deemed distributed at the close of the grace period, they are considered prohibited transactions. We noted certain delinquent participant loans due to employee severance of employment that were not deemed distributed at the close of the grace period.
Correction Required: Plan management needs to consult with the Plan recordkeeper and ensure loans are deemed distributed based on written loan policy. We will request proof of correction when performing next year’s audit.
Recommendation: We recommend plan management consult with their service providers on implementing policies and procedures to ensure delinquent participant loans are timely deemed distributed.
403(b) Special Catch-Up Option is Inconsistent with Excluded Contracts
Matters Identified: The plan provisions include an opportunity for participants who have worked over 15 years to contribute an additional special catch-up. To determine the maximum available catch-up, the plan sponsor must compute the average participant contributions since they first became eligible to participate in the 403(b) plan. If records for contributions to contracts or their transfer out of the plan that took place prior to 2009 are not available and are permissibly excluded, it is not possible to calculate all participants’ average balance since their eligibility date.
Recommendation: We recommend that the plan sponsor eliminate the Special 403(b) Catch-up option from the plan provisions and consult ERISA counsel regarding whether a correction is needed for previously accepted special catchup contributions.
Hardship Distributions not Self-Certified or Substantiated
Matters Identified: During our audit, we noted plan management did not maintain source documentation to support hardship distributions requested, approved, and paid during the audit year and that plan management has not adopted the self-certification method in collaboration with the plan’s third-party administrator or bundled provider. The request and approval of certain participant distributions could not be corroborated by source documentation and therefore, alternative audit procedures were used to obtain audit evidence for sample testing. Documentation substantiating initiation and approval of transactions that have occurred in the plan is critical.
Recommendation: We recommend Plan management implement policies and procedures to ensure that source documentation is maintained to support distributions requested, approved, and paid, either through substantiation of the hardship or a compliant self-certification process.
Documentation of Review of Plan Elements and Fiduciary Oversight
Matters Identified: During our audit inquiries of Plan management, it came to our attention that there is no documentation maintained of review of plan elements or fiduciary oversight over the Plan. With the complexity of tax laws covering the qualifications of the Plan and plan fiduciary responsibilities, it is important that the responsible parties adequately document the due diligence exercised over the operations and oversight of the Plan.
Recommendation: We recommend Plan management and Plan fiduciaries meet periodically (as often as needed, but at least annually) and maintain documentation of meeting date, time, and attendees as well as meeting agenda, decisions made, and resulting action items. The periodic meetings should consider items such as:
- Consideration and approval of plan amendments
- Compliance with ERISA regulations
- Creation and monitoring of investment policy, selection of investment options, review of plan’s investment performance and related fees
- Evaluation of service providers and related fees
- Employee complaints or concerns, if any
After reading the previous potential findings and some of the possible pre-approved corrections, I hope that plan sponsors who are subject to a 401(k)/403(b) audit for the first time will have turned their apprehension to anticipation. Instead of dreading that the audit will feel like a “death by a thousand cuts,” or even that it will feel like “getting pecked to death by a duck,” initial audit clients inevitably end up with Stockholm Syndrome. By the end of the initial audit, clients accept that they may be trapped in an audit requirement that they can’t legally escape, but they will have bonded with their insightful and approachable auditor.
