ERISA

401k Plans and Audits?

09.11.2025

Yes, generally, company-sponsored retirement plans with 100 or more participants must include an independent audit report with the annual filing of Form 5500. Additionally, the Department of Labor’s Employee Benefits Security Administration (EBSA) can choose to audit a retirement plan, and so can the IRS. For plan sponsors, it’s best practice to always be audit-ready. Read on for guidance on preparedness, including what to expect upon notification of an audit.

Audit-Ready?

Because both the IRS and the DOL can audit employer-sponsored retirement plans at any time, it’s wise for plan sponsors to practice good habits related to documentation, adhere to all deadlines (including timely filing of Form 5500), and avoid common audit triggers. World Advisors shares this overview of the role of plan audits at the IRS and DOL:

  • Retirement plan audits are designed to protect participants by ensuring that workplace retirement plans…comply with ERISA and tax rules. Under ERISA, the IRS oversees a plan’s tax-qualified status, while the Department of Labor (DOL) enforces fiduciary and reporting standards. In practice, every covered plan must file an annual Form 5500 and sponsors of “large” plans (generally 100 or more participants) must include an independent audit.

Since retirement plans can be audited at any time, solid documentation protocols are a best practice for plan sponsors, and that includes keeping copies of “all plan documents, amendments, trust statements, summary plan descriptions (SPD), contracts, payroll records, and fiduciary meeting minutes.” World Advisors also reminds plan sponsors that as ERISA Fiduciaries, they are “required to act solely in the interest of participants, act prudently, follow plan documents, diversify investments, and pay only reasonable plan expenses.” Avoid common compliance issues by using the 401(k) Plan Checklist from the IRS, and if you believe errors have been made, proactively look into EBSA’s Voluntary Fiduciary Correction Program. It’s also helpful to know that audits are generally triggered by risk indicators, so avoid these common audit triggers:

  • Participant complaints about late contributions or distribution delays.
  • Late deposits of employee deferrals, which are considered prohibited transactions.
  • Inaccurate or late Form 5500 filings, especially when an audit report is missing or when participant counts suggest misclassification (DOL Instructions).
  • Excessive plan fees or risky investments that could indicate imprudence.
  • Operational failures like missed eligibility, testing errors, or failure to follow plan terms.

What To Expect If Audited

When an audit notice arrives, fast access to documents, including proof that fiduciary duties are being fulfilled, is a must. Security protocols related to the DOL’s cybersecurity guidance are also likely to be requested as part of a retirement plan audit. Following notification, retirement plan sponsors can expect audits to progress through these steps:

  • Document Request: The letter includes a request for specific documents, such as plan documents, Form 5500 filings, financial statements, and participant records.
  • On-Site Visit: In some cases, DOL investigators may conduct an on-site visit to review documents and interview plan administrators.
  • Review and Analysis: The DOL reviews the submitted documents and analyzes the plan’s compliance with ERISA requirements.
  • Findings and Resolution: The DOL communicates its findings to the plan sponsor, outlining any issues or violations. The sponsor is given an opportunity to address and rectify the findings.

Depending on the nature and severity of compliance issues or breaches discovered during an audit of the plan, sponsors may expect the following post-audit consequences:

  • Financial Penalties: Non-compliance can result in substantial financial penalties. For example, late deposits of employee contributions can lead to excise taxes and penalties.
  • Fiduciary Liability: Plan sponsors and fiduciaries can be held personally liable for breaches of their fiduciary duties.
  • Corrective Actions: Sponsors may need to implement corrective actions, such as making restitution to the plan or participants, to address compliance issues.

Keep in mind that if you face claims that you have failed in your responsibilities as a retirement plan sponsor, the only type of protection that shields you personally is Fiduciary Liability Insurance; with it, you’ll be armed with coverage for defense and penalties. Without Fiduciary Liability Insurance, your personal assets are exposed.

To help retirement plan sponsors mitigate their risks, Colonial Surety Company offers an efficient and affordable Fiduciary+ Cyber Liability Insurance bundle. You can even add the coverage to your ERISA Bond. For a few dollars a day, you’ll be armed with:

  • $1,000,000 for Defense and Penalties if you are faced with alleged or actual breaches of fiduciary duty.
  • Cybersecurity Coverage for the business and plan, which addresses Department of Labor recommendations, and includes expert response services to curtail damage after an incident.

Get protected now: Fiduciary+ Cyber Liability Insurance

Colonial Surety Company:

  • In business since 1930
  • Rated “A” Excellent by A.M. Best Company
  • US Treasury Listed