If you’re responsible for your company’s 401(k) administration, you probably know that the annual 401(k) audit is not a fun process.
In fact, we’d go as far as to say that it sucks (trust us, we’re involved in a lot of these).
We don’t need to tell you how tough this can be to tackle - especially if this is your first time doing it. And as nice as it is to commiserate, that’s not super helpful. So, in the interest of being super helpful, we’ve provided you with everything you need to know to get through your 401(k) audit as quickly and easily as possible.
In this guide, we’ll cover:
The 401(k) plan audit can be a huge pain. Here’s how to face this 401(k) administration challenge head-on:
The 401(k) Audit is an audit of a plan’s financial standing conducted by an independent qualified public accountant. When it’s required (for larger plans), it is submitted along with the Plan’s Form 5500.
Basically, the 401(k) audit makes sure that all the work involving the 401(k) was done correctly, and if it wasn’t, that the proper steps are taken to fix things.
As you may have guessed, the 401(k) audit is usually the biggest, most frustrating time-suck of the 401(k) administration process. But don’t worry, by the end of this guide you’ll be well on your way to fairly quick and pain-free audits.
The 401(k) plan audit is mandated by the Employee Retirement Income Security Act (ERISA) and is intended to make sure a plan is being run correctly.
The audit seeks to:
The Internal Revenue Service and Department of Labor regulate and enforce the submission of the 401(k) audit. Essentially, they want to be sure that your plan’s in compliance with regulations, and that it’s free of mistakes that may affect participant benefits.
The annual 401(k) audit is required for all “large” plans - meaning those with 100 or more eligible participants. Your annual 401(k) plan audit is often called the “Large Plan Audit” for just that reason.
Now, even if you have 100 participants, there’s a chance you don’t even have to bother with the Large Plan Audit this year. How? Thanks to...
This handy rule lets you file the plan with last year's status as long as you have between 80 and 120 participants. If you filed as a small plan last year, and you haven’t exceeded 120 employees this year, you can still file as a small plan and avoid the audit this year.
The financial statement you receive at the end of your 401(k) audit should be submitted together with Form 5500, 7 months after the end of your plan year. For those of us using the calendar year, that’s July 31st.
Now, fortunately, because the plan audit is submitted alongside Form 5500, the two share an extension option. Which leads us to...
Thankfully, if the Form 5500/audit deadline is approaching and you know you can’t make it, you can request a 2½ month extension - bringing your final Form 5500 and 401(k) audit due date to October 15th (for plans on the calendar year), or 9½ months after the end of the plan year.
Unfortunately, because the 401(k) plan audit and the Form 5500 are submitted together, the penalties for failing to submit your 401(k) plan audit by that 7-month deadline can become painfully expensive very quickly.
IRS fees/penalties: $25/day, maximum of $15,000 for late filing.
DoL fees/penalties: up to $1,100/day, no mandated maximum for late filing.
Now that we’ve covered the important basics, let’s run through the audit process. We know that sounds like a ton, and, well... it is. So we’ve taken the liberty of boiling down the auditor-related minutiae.
This is the audit process as it matters to you.
We’ve broken the Large Plan Audit down into 3 steps (with the 2nd step broken into 2 parts).
We'll go over each step below:
What the auditor does in step 1: The auditor here is trying to get a bird’s eye view of your 401(k) operation. During this step, they’re looking for…
What the plan administrator does in step 1: Assembles the initial documents needed for the audit into an “Audit Packet.” This giant folder goes to the auditor.
Here’s a quick checklist of what 401(k) auditors usually ask for:
Here's a tip from from one of our 401(k) auditor partners on how to make this step go smoothly:
"Absent major changes in the plan, the list of documents auditors need is often similar year-to-year. So always be sure note where the documents came from. Or, even better, keep your documents well-organized in one easy-to-reach place so you don’t have to spend time digging through filing cabinets or chasing down documents from other departments."
-Kristine Boerboom, Senior Manager, Wegner CPAs
Once you’ve handled all the auditor’s initial requests, the bulk of the work begins in step 2.
What the auditor does in step 2: Analyzes essential details about benefit plan financial transactions and employee plan participation. This information is reported in two spreadsheets: the 401(k) Deposit Report (the auditors call this the Cash Transfer Report), and Participant-Level Requests.
What the plan administrator does in step 2: Fills in the information in the required in these two essential spreadsheets. Here’s what's required from you for each:
401(k) Deposit Report:
This is essentially a focused look at the money deposited into the plan. In this report, the auditor is looking for…
Here’s what one of these reports might look like:
Putting together this report can be a tiring and tedious process for plan administrators, because getting the information for this report usually means pulling one report from payroll AND one report from the recordkeeper for every date you ran payroll.
Every. Single. Date.
That adds up to a lot of data. If you have a bi-weekly payroll schedule, that’s 52 reports you have to pull just to fill in this spreadsheet. And that doesn’t even count any off-cycle payroll runs you might have for bonuses, missed payments, or reimbursements.
Participant-Level Sampling:
This is data that the auditor needs from a random sampling of participants. In this report, the auditor is looking for documentation proving the following 401(k) processes were done correctly:
Oftentimes, the requested documentation is really specific HR documents such as offer letters, signed loan requests, and screenshots from payroll or the recordkeeper.
Here’s an example of what the 401(k) auditor’s requests may look like:
Like the 401(k) deposit report, the nature of this data means this collection process can be really time-consuming. Plan administrators can spend a ton of time going back-and-forth with the auditor and digging up this information. Exactly how much time you’ll spend depends on the detail and organization of your employee records.
What the auditor does in step 3: Upon completion of their audit, the auditor gives the plan administrator an audited financial statement to be submitted with Form 5500, as well as a report of the issues they uncovered. They’ll also conduct an interview to determine the plan’s internal controls and procedures.
What the plan administrator does in step 3: Answers any final questions from the auditor, fixes any remaining mistakes, and then reviews, approves, and submits the audited financial statement along with the Form 5500.
Once you’ve received your audited financial statement, you’re done! You can give yourself a pat on the back and pop a bottle of champagne.
Or two.
Or several.
Don’t get too carried away though. The 401(k) administration work is never finished, and there’s always the next audit to prepare for.
So let’s keep that preparation going.
We love examples, but no, we aren’t going to burden you with an entire stack of audited benefit plan documents. But it’s still helpful to see what’s happening with the actual paperwork.
Here are a couple of the most important pages from the essential documents you’ll receive at the end of the audit:
This is one of the first pages in the independent auditor’s report, the overview of the plan’s financial information. This doesn’t say anything about your audit results, but it does contains much of what the audit will be reporting on.
You'll be filing the 401(k) audited financial statement with your 5500. If you're wondering how to file this document correctly, check out our post on Form 5500 instructions.
When the auditor finishes the audit, you’ll also likely get a copy of the Control Deficiency Letter. Here’s a section from an example letter:
As you can tell by the contents of the letter, its purpose is to point out deficiencies in your plan operation that occurred during the year and to suggest changes to prevent these deficiencies in the future. Sort of a 401(k) fix-it ticket.
The auditor is going to be asking for A LOT of documents - first during the Plan Document & Design Review, but then also during the 401(k) Deposit Review and Participant-Level Sampling. Having all your 401(k) documents - that’s everything from plan documents to timestamped communications to payroll data - well-organized in one place can save you A TON of time.
Here's an example of how we do it at ForUsAll using our Fiduciary Vault:
A lot of problems that are exposed during the 401(k) Deposit Review can be completely avoided by integrating your payroll & recordkeeping systems.
When these two systems talk to each other and the 401(k) deposit process is properly automated, you can rest assured that your plan should be free of cash transmission mistakes that could cost you a lot in terms of corrections and administrative hassle.
Caveat: your payroll integration has to be set up correctly in accordance with your plan document!
Many recordkeepers and payroll companies offer some form of integration between the two systems, but these integrations rarely come with validation checks to make sure the data is being passed in a compliant way. So that means whoever is managing your account at the payroll company has to be familiar enough with your 401(k) to set it up correctly.
Some questions you’ll want to ask yourself:
Sometimes, the easiest way to solve a problem is just to make it someone else’s. When you hire a 3(16) Fiduciary, they become legally responsible for administering your 401(k).
A good 3(16) will do ALL the heavy lifting when it comes to your 401(k) audit. That’s everything from assembling your fiduciary documents to putting together the 401(k) deposit report. When you have a good 3(16) by your side, pretty much all you have to do in an audit is dig up any of the HR documents they don’t have access to - offer letters, HRIS screenshots, or those sorts of things.
Imagine that. The audit process, which takes some companies months to complete, might only take you two hours depending on how accessible your documents are.
If finding a really exceptional 401(k) auditor is now one of your top priorities, we understand. After all, everything about the 401(k) audit screams “You better know what you’re doing!” Here are a few questions to ask to make sure you get a good one:
There’s definitely some debate on remote vs. local 401(k) auditors, and really, it’s a good one. On the one hand, a remote audit could be convenient and a lot more affordable. On the other hand, having an auditor be local means they’ll be in the same time zone, and they can also do portions of the audit in person, which cuts out a lot of time spent on emailing back-and-forth.
Technically, any qualified independent accountant or CPA can do your 401(k) audit. But of course, not all 401(k) auditors are created equal. You’ll want to ask: how many 401(k) audits do they do each year? Are 401(k) audits a side project for them, or are they a main focus of the firm? An experienced 401(k) auditor will likely have detailed processes in place to ensure that everything is done correctly, which greatly reduces the risk you run as the plan sponsor.
Technically, any qualified independent accountant can do your 401(k) audit. But of course, not all 401(k) auditors are created equal. You’ll want to ask: how many 401(k) audits do they do each year? Are 401(k) audits a side project for them, or are they a main focus of the firm? An experienced 401(k) auditor will likely have detailed processes in place to ensure that everything is done correctly, which greatly reduces the risk that something slips through the cracks.
This certainly shouldn’t be the biggest factor, but we’d be lying if we said it wasn’t important. The most important thing to remember though is that the 401(k) auditor is there to make sure your plan is ship-shape and compliant. If the auditor misses something, and then the DoL catches it, it could be very costly.
Okay, let’s review what we’ve gone over in case you missed anything (or scrolled right to the end for all the answers):
Phew! That’s a lot. 401(k) audits are no fun, but after reading the information in this guide, you should be well on your way to faster, smoother 401(k) audits.
If you’re still feeling overwhelmed, we can help with that too! ForUsAll has a software solution that automates the administration and compliance of your 401(k). That means a lot less time spent on running your 401(k) - including on the audit. The best part? Our service includes a 3(16) fiduciary, which means we relieve you of the legal responsibility for plan administration.
Making 401(k) administration our problem instead of yours will make your job a lot more enjoyable. You’re busy, and let’s face it - any time spent on the 401(k) is too much time. Schedule a quick, 10 minute demo today to get started.
Give your employees more than just a 401(k), join the movement.