2023 Fiduciary Training Series, Part 4: Staying Ahead of Retirement Plan Audits (Webinar Recording)
Effectively managing a retirement plan is a complex and ever-evolving responsibility. The annual plan audit, often regarded with apprehension by plan sponsors, requires a significant commitment of time, effort, and financial resources. Plan sponsors must also grapple with a growing array of auditor inquiries and heightened documentation demands—a direct consequence of the expanding scope of auditing standards in recent years. Furthermore, the possibility of audits conducted by regulatory bodies, such as the Department of Labor and Internal Revenue Service, looms in the background.
To learn what can be done to prepare for these audits, ensure ERISA compliance, and manage fiduciary risks, watch the next installment of our Fiduciary Training webinar series. During this one-hour session, Director of Retirement Plan Consulting Dawn McPherson hosts a panel of three subject-matter experts:
- Susan Shoemaker | Principal and Financial Advisor at CAPTRUST
- Jodi Green | ERISA Attorney and Partner at Tatum Hillman & Powell, LLP
- Scott Miller | CPA and Retirement Plan Auditor at Scott Miller CPA & Associates, Inc
Webinar Highlights—How to Keep Auditors (and Regulators) Happy in 2024
Director Dawn McPherson hosts ERISA attorney Jodi Green (former DOL investigator), CPA auditor Scott Miller, and CAPTRUST advisor Susan Shoemaker for an hour-long clinic on surviving retirement-plan audits—from routine financial-statement reviews to surprise visits from the Department of Labor or IRS.
Why Plans Get Flagged
Form 5500 breadcrumbs: Big forfeiture balances, revenue-sharing disclosures, or “late deposit” boxes checked on Schedule H feed DOL data-mining algorithms.
Operational slip-ups: Late payroll deposits, missed-eligibility errors, and un-cashed checks remain top compliance triggers.
Cybersecurity gaps: New DOL letters ask a dozen pointed questions on encryption, multi-factor logins, SOC 1/SOC 2 reviews, and breach-response playbooks—showing cyber is now treated as an ERISA duty.
What’s New on the Audit Front
AICPA standards adopted in 2021-23 require auditors to tie census data to source payroll, reconcile 5500 filings to financials, and judge the reliability of electronic evidence—dramatically expanding document requests.
Auditors now probe ERISA budget, suspense, and forfeiture accounts; lingering dollars can jeopardize a clean opinion and invite regulator interest.
Common Errors—and Quick First-Aid
Late deferrals, wrong compensation codes, unused forfeitures, and missing-participant balances still dominate findings. The panel’s rule of thumb: fix early, document completely, and—when in doubt—use IRS EPCRS or DOL VFCP to self-correct before an investigator forces a pricier remedy.
Four Annual “Defensive Plays”
SOC report triage: Review each vendor’s SOC findings and shore up any “exceptions”; log the discussion in minutes.
Forfeiture sweep: Empty suspense/forfeiture accounts every year and record why dollars offset employer match or plan expenses.
Fee & provider benchmarking: Compare record-keeping and advisory fees annually; run full RFPs at least every 3-5 years and archive bids.
Minutes that prove prudence: Show committee members read materials in advance, asked questions, and challenged advisors—courts reward active oversight.
Insurance & Outsourcing: Helpful, Not Bullet-Proof
Fiduciary-liability coverage now asks for fee exhibits and IPS copies before quoting; deductibles rise when revenue-sharing is present.
3(38) investment managers and 3(16) administrators can absorb day-to-day risk, but only if you monitor them and confirm they carry equal (or higher) coverage.
Bottom Line
Audits have evolved from checkbox exercises to full-spectrum risk reviews. Sponsors that keep a living fiduciary calendar, refresh documentation continuously, and address small errors early will breeze through—while those who treat audit prep like a last-minute fire drill risk costly corrections and unwanted regulator attention.
To download a copy of the transcript, click here.