Scenario: 2021 is here, and your organization’s 401(K) Plan needs an audit for 2020. Whether this is your first time undergoing a 401(K) audit or you’re a seasoned veteran, there are many ways to prepare for the upcoming audit. One of the most important steps, however, is ensuring you have the proper documentation assembled ahead of time.
Here are four categories of documents that you’ll need to compile to ensure an efficient 401(K) audit process:
- Payroll Documents – There are several payroll reports that are used during the 401(K) audit process. These three key reports include:
- W-3: This is a high-level summary of all employee W-2s that were issued for the Plan year, and it discloses the total amount of employee deferrals that should have been remitted to the Plan during that year.
- Employee Census: This report includes ALL employees that were with the company during the Plan year, regardless of whether they are actively employed or were terminated at year-end. The census report should include key data about each employee, such as birth date, hire date, gross wages, 401(K) salary deferrals and employer 401(K) match (if applicable).
- Payroll Registers: The 401(K) auditor will review several payroll periods as part of their participant testing. Though they may not review every pay period, it’s beneficial to have all payroll registers available so they can be provided quickly once selections are made.
- Year-End Plan Documents – If the Plan uses the services of a custodian/trustee to manage the Plan assets, there will be several key reports available for year-end that will be used during the 401(K) audit. Having these reports available for your 401(K) auditor can significantly cut down the length of the audit. These reports include, but are not limited to, the following:
- Plan Asset Summary: This shows a summary of all funds that are offered to participants in the 401(K) Plan. The report will contain various categories of transactions, sorted by fund, that happened during the year, such as total contributions, realized/unrealized gains and losses, distributions and Plan expenses.
- Participant Summary Report: This report contains all participants that have a balance with the 401(K) Plan. The categories within the report will mirror that of the Plan Asset Summary report, but on a participant basis, rather than a fund basis.
- Contribution Remittance Report: This report will detail all contributions to the Plan on a payroll period basis. This will allow your auditor to verify the company is remitting the participants’ salary deferrals to the Plan in a timely manner, in accordance with Department of Labor regulations.
- Distributions Report: This lists all distributions taken by participants during the year, including the dollar amount of the distribution.
- Participant Loans Report: This report outlines all participants that have taken a loan from their 401(K) account and includes the original loan amount, interest rate, balance at year-end, etc.
- Forfeitures Report: If the Plan has a vesting schedule for employer contributions, then there will likely be a Forfeitures Report available. Forfeitures will occur when a participant takes a distribution that includes an employer contribution amount, for which the participant is not fully vested. The rules for vested service will be outlined within the Plan summary and description.
- Internal Control Documents – As part of a 401(K) audit, the auditor is required to gain an understanding of the design and implementation of internal controls for the Plan. There are multiple reports that will help provide the auditor with a complete picture, including the following:
- Internal Control Memo: This memo should document the processes in the Plan and the individuals that are responsible for carrying out these processes. Some key processes include participant enrollment, deferral rate changes, contribution remittances, participant loans and distributions.
- Service Organization Controls (SOC) Reports: Many plans utilize outsourced services for various functions, such as payroll processing, custodial/trustee services and recordkeeping. These services are considered part of the Plan’s internal control environment. The third-party service provider will typically have an SOC audit completed annually, in which an auditor will come and review the internal controls and test the design, implementation and operating effectiveness of the service provider’s controls. Your 401(K) auditor will want to review these reports for two reasons:
- To ensure that there are no major control deficiencies noted in the internal control environment of the service organization.
- To review the list of Complementary User Entity Controls included in the SOC report and ensure these controls are implemented by 401(K) Plan management.
- Compliance Documents – 401(K) Plans have various compliance requirements that it must maintain and review during the year. Your 401(K) auditor will likely request access to the following:
- Nondiscrimination Testing: Each year, the Plan’s custodian/trustee or third- party administrator will perform testing on the Plan data to ensure compliance with the Internal Revenue Service’s (IRS) discrimination regulations. Noncompliance with these tests will result in corrective contributions or distributions to the Plan.
- Fidelity Bond: To protect the 401(K) Plan, there is a requirement to maintain a fidelity bond, which is a type of insurance that covers the Plan for any losses resulting from acts of fraud or dishonesty. The minimum coverage of the fidelity bond should be equal to 10% of Plan assets or $500,000, whichever is less.
- Investment Committee Minutes: The Plan sponsor has a fiduciary obligation to ensure the Plan is operating in the best interests of its participants. There should be an investment committee meeting at least annually to review various items, such as the Plan’s participation rate, fund performance, fund offerings and participant fees. The committee should also make decisions on changes that can be made to improve Plan performance. Formal minutes should be maintained to document these reviews and discussions.
While this list of documents is not exhaustive, it will give your organization a head start in preparing for your 401(K) audit. Additionally, if your organization is looking for a 401(K) auditor, the experts at SST are equipped and available to assist your team. Learn more about our audit and attest services, and contact us today for immediate assistance.
Special thanks to SST Audit Manager Chris Adams for providing the content for this post.