Episode 87: What 401(K) Audits Really Mean for Plan Sponsors

Please note: This is an AI generated transcription. There may be slight grammatical errors, spelling errors and/or misinterpretation of words.

Revamping Retirement Episode 87

Intro: Covering the ever evolving retirement plan landscape to help identify the biggest opportunities for plan sponsors, CAPTRUST presents Revamping Retirement.

Jennifer Doss: Hello everyone, and welcome to another episode of Revamping Retirement. I’m Jennifer Doss, and I’m joined by my co-host, Pete Ruffle. Pete and I just did another podcast together, and this might be the last one for a little while, Pete, ’cause you’re having a baby coming up here in a month or so

Pete Ruffel: Gosh, that is… Now I feel like the reality of that is sitting in differently than before. I don’t know why it took a podcast to make that hit home

Jennifer Doss: When you put it in podcast terms that we only do per month, you really start to… It starts to become closer and closer, But no, con- congratulations early, and, uh, we will miss you while you’re out. with Pete and I today we have, Brad Bartels.

Brad is a CPA, who’s been in the industry. Brad, I’m gonna do something to you that somebody did to me recently at a conference, and I’m gonna put your tenure in terms of, decades, right? So this is fun. so you’ve… you’ve been in the industry two and a half decades. you work at Munn, which is a full service accounting firm that nationally, um, organizations, and you’ve worked there since 2017.

And one more thing I wanna call out, Brad, before we get you to clean up whatever I just messed up, which is you have a quote on your website under your biography that I just love. It says, “I feel I’m one of the lucky people who gets up in the morning and looks forward to what I do.” And I really like that.

I think it’s a good way to set the tone because,auditing can be a little, dry, and you love what you do, and so this is gonna be a great conversation. So welcome, Brad.

Brad: Thank you, Jennifer and,Peter. Thanks for having me. And yeah, you know, that quote on the website, I really am, I’m lucky that I fell into this industry. I didn’t fall into public accounting by dumb luck. that was a choice. my dad was a CPA. I’m married to a CPA, so I think it was meant to be.

But as far as getting into the retirement industry, that was just dumb luck. way early on in my career, I was just a staff accountant working at the firm I was starting at. Partner comes to me and says, “Hey, we’ve got these 401plan audits that we need to do, and you’re available for a couple of weeks, so we’re gonna put you on them.”

And I was like, “Well, I put money in my 401, but other than that, I don’t know anything about them.” And did a couple of them. And yeah, almost three decades later, here I am rocking and rolling in the industry. And it’s amazing in this industry, the people in it are so committed to participant outcomes and working together.

it’s not like people are competing against each other. Everyone’s working together to get people’s retirement in the right place. And so I’m just lucky that I’m in this industry and get to work with great people.

Pete Ruffel: it is contagious, that mantra, that mojo, Brad. So, like,Jennifer already said, just wanna underscore the fact that as much as this is amaybe troubling conversation for people, anytime you hear the word audit, maybe from a personal tax perspective. But,the retirement plan space is infinitely interesting, and this is just one aspect of it that we hope to enlighten our audience today about.

So, with that, we obviously have a lot of different, audience members that represent parts of a plan sponsor investment committee or from the HR staff. So I think the first question we wanna ask you is just how would you describe the purpose of a retirement plan audit?

Brad: A lot of people hear the word audit and they cringe and they think, “Oh, people are coming in. They’re gonna look to get me in trouble. They’re gonna look to show me all the problems.” And, really from a retirement plan audit, it’s to help the plan sponsor And to help the participants. the audit’s really about protecting the participants’ accounts. It’s about protecting the plan sponsor for their compliance with ERISA, and it’s making sure that the DOL says if they ever came in and looked at the plan, that the DOL said, “Yep, everything’s looking good.”

so it helps the plan sponsor and the fiduciaries who oversee the plan sleep better at night knowing that everything is in place as far as our audit procedures are concerned. it helps the employees and the participants know that their accounts are safe, that they’re being valued properly, and the transactions going in and out of the accounts have proper controls and people looking at it and are valued properly.

and it really gives the DOL comfort that there’s CPA firms all around the country doing the work of the Department of Labor, if you will. We don’t work for the Department of Labor. just making sure the plans are in compliance with, various ERISA and DOL requirements.

So it’sa multi-folded,layered, purpose for the audit, but it’s really to make sure that everyone’s doing what they should be doing and participants are protected, at least from the audit focus that we have.

Jennifer Doss: So what I take out of that is in my experience, has been the auditor’s there to help, right? They’re there to help, identify any issues that need to be brought up and to help, try to fix those. So you guys really are trying to work with the plan sponsor, and the consultant if there’s one So what do you think plan sponsors most commonly misunderstand about what you are responsible for? Is it that you don’t work for the DOL?

Brad: People’s got some ideas of what we do and what we come in and look at, and what we’re looking at. think one misconception that’s out there is that when people think, “Oh,the CPA firm’s coming in and they’re doing an audit of the plan,” when we’re done and we issue the financial statement and it has a clean, audit opinion, that they mean that the plan is fully in compliance with ERISA and there’s no violations.

that’s not quite true. there’s a lot of ERISA compliance areas that the audit doesn’t get involved in. one thing is we don’t test every single participant in the plan for all their activity. We’re only looking at a sample, so there’s no way we could know if every single person and their account is in compliance and has been treated the right way because we only look at a sample.

so there could be undetected compliance issues that just from a sampling standpoint we don’t look at. so we can’t say, without a shadow of a doubt a plan is perfectly in compliance ’cause we don’t look at it with that level of assurance. another misconception is that when people think when we’re looking at an audit, we’re looking at the investments and we’re giving a green light that the investments are, in compliance ERISA requirements and they’re performing appropriately.

So we’re not evaluating the quality of the investments or if they’re right for the plan. We’re really looking at are the participants who are in those investments, are they earning the right amount of money compared to, what a third-party source says.

most plans that we look at have your plan bill in mutual funds or pulled separate accounts or things like that. But if all of a sudden there was a very unorthodox investment, then we might question but we’re not looking to specifically say, “You know what?

This investment is performing below the benchmark in this particular family. You need to replace it.” that’s not what a 401audit does. and I think probably the last misconception that I can think of is that people think that we’re responsible for fixing the plan if we do find errors or compliance problems, and that’s not what we do.

it’s really up to the plan sponsor,and also in association with their TPA or investment advisor if we identify problems, for them to fix it and figure out what’s the best way to get back in compliance. And maybe they need to involve an ERISA attorney if they really have gone sideways on certain issues.

So we’re not there to fix it. We’re there to help identify issues and help figure out the right way to get them fixed, so that way in the very, very small sense that the DOL comes knocking on the door, they’ve already been taken care of.

Pete Ruffel: That’s super helpful, Brad, and obviously a lot of nuance for that. you gave some sense to that really an audit experience is very individualized of what a plan sponsor might go through, how their plan is designed, and what you’re testing for. So maybe to bring it back a little bit, can you just walk us through the initial steps that a plan sponsor might experience or look to interact with their CPA once that audit process begins?

Brad: if we were talking about misconceptions, there may be another one that people think that, “Oh, my 401plan is really little. There’s not much work done. It’s gonna be a quick in and out thing, and the auditors will be done and it’ll be done in a couple of days.”

there’s really a bit more work that happens way on the front end to get to that point. there’s a lot of planning and preparation that a CPA firm needs to do before they actually get to the days when their staff or their team is scheduled to perform the actual blocking and tackling of the audit procedures.

there’s what’s called the audit package that we need to get from the custodian or the trustee, whoever’s preparing all the records. Typically, a CPA firm likes to get that three to four weeks ahead of when their team is scheduled for the audit, and this is because they need to understand what happened during the year.

We need to be able to go through and pick sample selections, so participants we wanna test, transactions that we may need to test. And it takes time for us to go through and do that, and then we need to send those requests out to either the plan sponsor or to the custodian to give them time to process those requests and send us the information, so we can be ready and have all the information,when we get to the dates when the audit is scheduled.

So there’s a lot of upfront planning that needs to be done, and so we start the audit process well in advance of the field work. one other thing that plan sponsors need to be aware of is that they probably think that, “Oh, the custodian or their advisor’s gonna handle everything.” And that’s not quite true.

There’s a lot of information that we need to get from the plan sponsor in terms of information and personnel files, payroll records that really the plan sponsor has access to. the plan sponsor will be much more involved in the audit than some think if they’re not familiar with the audit process, just because a lot of the information that is at their office and not housed with the TPA or whoever the record keeper is.

Probably another thing that plan sponsors should be aware of is that we really need them to be ready and available to us when we’re doing the audit. A lot of questions come up about payroll and compensation and pay rate changes and whatnot that we’ll need to ask them during the audit.

So we just wanna make sure they know that, “Hey, if our team is scheduled for these two days, we need you to be available those two days as well if we’re not on site, to be able to take phone calls or video questions or whatever, to just keep this moving and to get answers to question timely.”

So those are probably the biggest things once it begins that plan sponsors should be aware of, just to be able to make the audit process go as smooth as it can.

Jennifer Doss: Brad, you just hit on a couple of these, but maybe just to ask you more directly, what would a well-prepared plan sponsor look like, To go into those, meetings and to be having those conversations

Brad: one thing that plan sponsors need to be aware of is that they need to look at their CPA as an advocate and a business partner in this audit process. They’re not out to get them. They’re not out to, like, find every problem in the plan.

We wanna work with our plan sponsors and help them make their plans better, and if there are any issues, we wanna help them identify those and find those and get them buttoned up so that, like I said before, in the very small case that the DOL comes knocking at the door, they’ve already got these things taken care of.

the plan sponsors that see us as a business partner and work with us in the process, those audits go so much smoother. they go really well. other things that make plan sponsors really well prepared and make the audit process go smoother is if someone at the plan sponsor has a designated point person on their side that’s responsible for the audit.

So someone that our team can always talk to there, and then that person can say, “Okay, I’ll take care of that question,” or they’ll delegate it out to other members of their office, but then they all come back through that person. Just someone that can, quarterback the audit process from the plan sponsor side of things and make sure nothing gets overlooked, nothing falls through the cracks.

one of the big things we ask for at the beginning of the audit when we’re planning is the census reports, out of the payroll system, and that’s something that the plan sponsor’s already sending to whoever’s doing all the compliance testing.

but we need that as well. But one thing we always need to know is, has the plan sponsor made sure that census is complete and it’s got all the wages and all the employees on it? Because if we get that when we’re planning and we can’t reconcile that census to the payroll records, we have to stop because we don’t know if we have a complete report, so that can really hold up the audit from the get-go.

So plan sponsors that’s reviewed their census to make sure it’s complete and the wages reconcile their payroll reports is a big step to getting a successful audit going and a well-prepared plan sponsor. a plan sponsor that is really committed to getting all of the information to the CPA firm by the requested due dates goes a long ways in getting that audit going really smoothly and being well prepared.

Probably the last thing I could think of is that, a plan sponsor that has their, oversight committee meetings where they’re monitoring the plan regularly, if they have the minutes from those meetings documented and prepared and able to give to us, that gives us a really good feeling that, hey, this plan sponsor, they’ve got their stuff together.

They’re organized. They’re monitoring the plan. They’re keeping an eye on things. that really goes a long ways in showing us that this plan sponsor is committed to overseeing and taking care of their plan.

Pete Ruffel: it feels like there’s tons of room just based off what you just teed up for probably some common audit style findings, Whether that’s truly on the plan administration side about, how does the plan design actually impact these, sample participants versus just how the company is managing their payroll and otherwise.

Is there a few key things that you typically mention to plan sponsors ahead of an audit or things you just commonly see when it comes to these plan audits?

Brad: Yeah, there’s a few, low-hanging fruit items that I’m sure, those who will be listening to this podcast have heard. one of them is the late remittances, of employee, contributions. that’s probably the most common one that we run into. it’s pretty amazing that even in this day and age of automated payroll where, they withhold the remittances and send them out automatically, there’s still delays, in how that works.

the rule is that for a large plan that needs an audit, that the plan sponsor needs to remit it, the language is as soon as administratively feasible, remit those withholdings to the custodian. So but what does that mean? it means something different to each company because each company sets the bar.

So if we’re auditing one plan and they’ve shown that they can remit that money in two days, then that’s the standard they’ve set. So then if we see something that takes five days, six days for whatever reason, we have to flag that and put as a potential late remittance. We might have another plan we’re working with where the payroll is all manual and they remit it themselves and maybe they’ve shown they do it in five days, which still in this day and age seems like it’s a long time.

But if they consistently do it in five days, then that’s what they have set. And so,in that point we’d be looking for something, eight or nine days late, so that would be considered a late remittance for that case. it’s plan by plan, but every year we probably have, seven or eight plans if not more that have late remittances.

And, sometimes they’ve got legitimate excuses, but it’s very rare. the DOL doesn’t have too many, outs for remitting something late. So once you’ve demonstrated you can do it, in a certain amount of time, that’s the standard you’re held to. Probably the second, common issue that we run into is definition of compensation issues, related to, calculating deferrals or, matches or other types of contributions.

a good example of that is the plan document will say, “Hey, eligible compensation for deferrals and matching and whatnot is all W2 wages.” pretty straightforward. Anything that’s on the W-2 is eligible for it, in box one or whatnot. But then we’ll see that, the company did bonuses and didn’t withhold on bonuses.

those are W-2 wages. Or there was some sort of a PTO payout for people. that’s a W-2 wage and there wasn’t withholding on that. Or off-cycle payrolls for, a myriad of reasons, and those don’t get withholdings. the problem is the plan document says all W-2 wages, and so we have to look at that as well.

there were calculation issues where the employee wasn’t allowed to defer as much. The match was probably not high enough. And so the problem with that is then the plan sponsor’s on the hook for making additional corrective contributions to make the participants whole.

There’s a disconnect between what the plan document says and how the plan sponsor’s been operating the plan for potentially years if it comes to us as a new audit and we look at it. A couple other ones that we’ll see, and I already mentioned this, was no documentation plan oversight, so no meeting minutes.

the Department of Labor really wants to make sure that those who are responsible for overseeing the plan are in fact doing that, and the easiest way to do that is just keep minutes from the meetings so that if the DOL comes knocking on your door, that’s probably one of the first things they’re gonna ask for, and you can at least say, “Yep, here’s our minutes.

here’s everything we’ve been doing.” And at least it’s a first layer of protection. also, we’re in such a litigious environment now with all the lawsuits, it also is a good way to document that you’re monitoring investments, you’re monitoring fees. and anything where there’s a lot of lawsuits, m-make sure you get those in your minutes for how you’re monitoring those and documenting those to protect yourself if it ever comes up. Probably the last thing that I’ll comment on for common audit findings is plan sponsors are supposed to monitor the service providers to the plan. And the most common service providers are gonna be your custodian or whoever your record keeper is, and the payroll provider if you use a big outside payroll service.

And those service providers will typically have what’s called a SOC 1 report And it’s basically a test of the internal controls over retirement plan transaction processing, or for a payroll provider, payroll processing. And another CPA firm comes in and does an audit of those controls over those processing and those transactions and provides what’s called a SOC 1 Type 2 report. The service provider is supposed to give that to whoever their customers are,and then they’re supposed to read it and do what they’re supposed to do with it. For 401plans, plan sponsors need to be reviewing these service providers and reading these reports, making sure there’s no errors or deficiencies in the processing of all these retirement plan transactions.

and if there was, it could potentially impact a lot going on in their plan. So it’s pretty common for us to ask if plan sponsors have reviewed the SOC 1 reports, and the answer is no, they haven’t looked at them. So it’s a common recommendation for us is that as part of your oversight of the plan, you need to document you’re reviewing your service providers, document it in those meeting minutes to show that you’re monitoring them.

I do have a war story from a number of years ago. we were looking at, distributions from the plan, and we were looking at the vesting, and the vesting calculations were not right. And it happened to be at the same time we were looking at the SOC report for the service provider, and I won’t name any names here, but there were errors in vesting calculations at the service provider.

And so we go to the plan sponsor and say, “Hey, did you know about this problem in your SOC report?” And they were like, “What SOC report?” So there was a red flag right there. Then we told them we were finding the calculation errors, so they had to go back and look at every distribution from the plan that year we were auditing and look at every vesting calculation, and they found a lot of vesting calculation errors.

They ended up having to put money into the plan to make the plan whole because participants who should have been 60% or 80% vested were getting too much money. And it’s kinda hard to go back to a person who’s left the company and ask for the money back. you gotta look at these SOC reports to make sure that there’s no errors, and you need to get ahead of them if there are.

those are probably the four most common ones I could think of that we run into.

Jennifer Doss: are good ones. And, Brad, I wish I could say that I am not familiar with SOC reports. but Pete and I are very familiar with SOC 1s, Type 2s, SOC 2s, Type 2s. Way more than I ever thought I would be able to. but you’re right. It is really important, we try to do that to help our clients monitor their service providers.

that is an important piece, so appreciate those. maybe just to shift gears, so if a plan sponsor is, you mentioned like getting a new client, earlier, and obviously some people are gonna move from, “Hey, I wasn’t required to get an audit,” to, “Now I am required.” And that’s why they’re obviously looking for a CPA, or maybe they have one they’re trying to see if there’s, anything better out there or somebody who specializes in, retirement plan audits.

So if they’re looking for an auditor for whatever reason to support their plan’s, annual requirements, what are the things that they should be considering when they’re looking?

Brad: the retirement plan industry, it’s very specialized, and so a plan sponsor who needs to find a CPA firm for the first time, you wanna make sure that you’re selecting a CPA firm that works in the retirement plan industry and really understands the unique characteristics of what these plan audits if the plan sponsor was a casino, for example, and they need an audit, you’re gonna pick a CPA firm that specializes in the gaming industry. for your 401plan, you wanna pick a CPA firm that specializes in the ERISA, 401audits.

here’s a few bullet points that they should look for. how many 401audits does the firm perform? if they really only perform one or two, that’s probably a red flag. You wanna, at least look for a firm that does, 20 or 30 is probably the minimum number get a feeling that a firm specializes in the industry.

You wanna make sure that the CPA firm is a member of the,AICPA Employee Benefit Plan Audit Quality Center. So that is a specialized part of the AICPA for CPA firms who do 401audits and retirement plan audits to get really specialized updates from the Department of Labor, the IRS, the AICPA on what’s really the hot topics in the retirement plan industry.

It’s a source of trainings for all the staff, at these firms to stay up to In order to be a member of the Audit Quality Center, the firm themselves have to meet certain minimum training and other, retirement plan industry standards. So firms that are a member of that are really involved in the industry and know what’s going on.

Um, they wanna ask if the CPA firm has undergone, a peer review and were 401audits subject to that peer review, and were there any deficiencies found by the peer review in those 401audits. A peer review is basically when another CPA firm comes into another firm and reviews their files to make sure that firm is meeting all of the audit quality standards.

So we’re self-policing ourselves. typically it’s every three years is how that happens. But a CPA firm that specializes in 401audits should have those as part of their peer review, making sure that other firms agree that firm is meeting the audit standards and the audit requirements for those specialized audits they wanna ask the firm what kind of training do they provide their staff for 401audits.

So our firm provides training every year and throughout the year on industry updates. And so you wanna make sure you pick a firm that’s keeping their staff up to date on what are the DOL hot topics, the retirement plan industry hot topics, what are issues that plan sponsors are dealing with, just so they know what’s going on in the industry and can listen for potential issues at the plan sponsor.

is the CPA firm involved in other industry groups such as NIPA or Western Pension and Benefits Council, just so they can stay involved in the industry and talk to TPAs and advisors and attorneys on what else is going on in the industry. and lastly, has that firm ever been subject to any Department of Labor or state society sanctions against them for their retirement plan audits, and what happened and how was that remediated?

if anybody out there wants to look me up on LinkedIn, I did write an article on the request for proposal process for 401audits. So if you look me up on LinkedIn, you can look for articles I published, and there’s one out there with more tips on sending out RFPs for 401audits out there

Jennifer Doss: Brad, appreciate that because we get that question a lot directed towards us of what should I be looking for? Who should I be talking to? So it’s always helpful to get, tips and tricks for the RFP process. If you could give plan sponsors, one piece of advice, as they’re heading into, an audit, what would it be?

Brad: I would say the biggest piece of advice I could give is start the process early. don’t wait until August. if you’re a calendar year-end, don’t wait till August to get it started. at that point, your CPA firms are slammed with these audits and other things, and it’d be tough to get it scheduled.

So be proactive, get it started early. you be the one that reaches out to your firm and your TPA and say, “When can we get the reports going? Wanna get this process going early.” The ones that are proactive, really, the audits go a lot smoother. They get done quicker. They identify any potential issues before we even get involved, and they let us know.

those plan sponsors who do that, they have a much better chance of getting the audit done with no errors and get it done timely. We realize that the audit is an inconvenience to our plan sponsors.

they’d rather be taking care of their customers, their community, whatever they’re doing, than dealing with the pesky auditors, and so we’re sensitive to that. we have a process that we need to do, but if a plan sponsor’s engaged in that and gets it done early, it goes really well, and everyone likes that process better.

 

Pete Ruffel: thank you for your time, but, being that our title of our podcast is Revamping Retirement, we love to ask our guests what does retirement look like for you? So Brad, have you thought about retirement and do you have an idea of what retirement would look like for you?

Brad: I feel like it’s a ways away, but I also feel like it’s right around the corner. so yeah, retirement for me, I’ve got plans. I really have a goal. I wanna play a golf course in all 50 states, I’m a golfer. I like to golf, and so I’ve knocked a few states, on the list, but I definitely wanna play a golf course in all 50 states, so there’ll be a lot of golf.

I like to be outdoors, so there’s gonna be hiking, camping, pulling our trailer to different national parks and hanging out and seeing the great outdoors. exercising and staying fit. I’d rather be the oldest person at the gym than the youngest person at the retirement home, so I wanna exercise and stay in shape and healthy.

and lastly, probably continuing my appreciation of wine and good bourbons would definitely be involved, in retirement as well.

Pete Ruffel: Busy schedule to say the least. when you make your way out to North Carolina way, you just let Jennifer and I know, maybe we’ll join you out on the links. thanks again, Brad. Appreciate everything you’ve walked us through today. Some great tips, some great advice. A lot for people to mull over, especially if they’re going into maybe a long form requiring a plan audit this season.

just wanna thank again to our audience, and just a reminder to them, if you like what you heard today, to like and subscribe and, that’s a wrap. Thanks again.

Brad:

The discussions and opinions expressed in this podcast are those of the speaker and are subject to change without notice. This podcast is intended to be informational only. Nothing in this podcast constitutes a solicitation, investment advice, or recommendation to invest in any securities. CAPTRUST Financial Advisors is an investment advisor registered under the Investment Advisors Act of 1940.

Nancy: This presentation does not contain legal, investment, or tax advice.Views expressed are those of the speakers and interviewees and not necessarily the views of CAPTRUST. Opinions are subject to change without notice.

Disclosure: CapFinancial Partners, LLC (doing business as “CAPTRUST” or “CAPTRUST Financial Advisors”) is an Investment Adviser registered under the Investment Advisers Act of 1940. However, CAPTRUST video presentations are designed to be educational and do not include individual investment advice. Opinions expressed in this video are subject to change without notice. Statistics and data have come from sources believed to be reliable but are not guaranteed to be accurate or complete. This is not a solicitation to invest in any legal, medical, tax or accounting advice. If you require such advice, you should contact the appropriate legal, accounting, or tax advisor. All publication rights reserved. None of the material in this publication may be reproduced in any form without the express written permission of CAPTRUST: 919.870.6822 © 2026 CAPTRUST Financial Advisors.