Best Practices in Preparing for an ERISA Audit

By Colin M. Hannifin, CPA, Business Assurance & Advisory Services Senior Manager

Best Practices in Preparing for an ERISA Audit

Successfully navigate an employee benefit plan audit

Once employee benefit plans reach a certain size, an audit is required. An audit can feel overwhelming, and an ERISA audit can feel especially intimidating – small compliance issues and other complexities frequently come up during audits, and many accountants do not deal with retirement plans often enough to feel completely comfortable overseeing the plan. With a few best practices the stress of an ERISA audit can be replaced with confidence that the retirement plan is being well managed.

Know the employee benefit plan service provider team

Managing an employee benefit plan is a daunting task – and may just be a small part of an accountant’s role. Providers know and understand this, and many companies utilize third parties to assist with employee benefit plan management and administration. These same resources are typically accustomed to assisting with employee benefit plan audits.

Perhaps the most common service provider is the payroll processor. This third-party takes information from the company and uses that information to process paychecks, depositing the appropriate amounts to employees, taxing authorities, and others, as appropriate. This often includes withholding any employee retirement deferral and remitting it into the retirement plan by way of a third-party administrator (TPA).

Many companies contract with a TPA, who, as its name suggests, administers the retirement plan for the company. They work to ensure the appropriate amounts are allocated to correct accounts, that appropriate reporting is completed in a timely manner, and that employee retirement accounts are invested as appropriate under the plan document. A TPA will often interface directly with plan participants for any updates in personal data and, sometimes, deferral percentages.

The TPA works closely with the recordkeeper, who essentially serves as the bookkeeper for the plan, tracking participant accounts and the flow of money into and out of the plan. Many plans also contract with an investment advisor to ensure that the plan is providing the best investments for its participants.

While all of these individual employee benefit plan service provider roles exist, there is also the option of bundled-service providers who provide TPA, recordkeeper, and investment advisory services all under one name. Some even also provide payroll services. However, it’s important for the plan sponsor, the company sponsoring the employee benefit plan, to understand all the services being provided for the company’s retirement plan.

It’s also significant to note that while these parties have roles and responsibilities regarding the administration of the plan, ultimate responsibility remains with the plan sponsor. It is therefore crucial that appropriate individuals within the plan sponsor closely monitor the employee benefit plan. During an audit, a plan sponsor will be working closely with all these parties and the auditor.

Understand the employee benefit plan

In preparing for an audit, a plan sponsor will want to ensure that they understand the plan and its governing document, the plan document. Even within the simplest of plans, there can be a significant amount of complexity and nuance. Some of the complex areas where issues are commonly found include:

  • Eligibility

    Who is eligible to participate in the plan? Is there an age or experience threshold employees are required to meet before they are eligible to participate? Are part-time employees (or interns) eligible to participate? Improperly excluding employees from participation is a significant issue.

  • Definition of Compensation

    What types of pay are used for the calculation of employee deferrals or the employer match? Using the wrong definition of compensation to calculate deferrals and match can result in costly corrections.

  • Plan Document Updates

    New laws and guidance will often have to be included in amendments to a plan document; it’s good practice to, every so often, restate a plan document to ensure all required language is included.

Ideally, a company’s systems and policies will be set up such that the application of these areas is relatively seamless. However, a retirement plan and its transactions have to be regularly monitored and reviewed to ensure continued compliance with the terms of the plan document. The team noted earlier – especially the TPA – has a role to play here, assisting the plan sponsor with oversight and administration of the plan.

These are also focus areas of an employee benefit plan audit. However, to the extent issues exist within compliance with the plan document, an audit finding is often just the beginning – correcting errors can be a costly endeavor, with the plan sponsor responsible for making participants whole. Actively understanding and monitoring the plan can help avoid these issues.

Double-check employee benefit plan documentation

During an ERISA audit, there will be significant document requests. An auditor may ask for copies of I-9 forms or other employee-completed forms to verify demographic information; plan enrollment paperwork (or documentation that the employee elects not to participate); deferral rate election forms; investment election forms; support for participant pay rates; and distribution forms.

These requests can seem daunting at first. It is important to understand who has responsibility for each of these items.  It may be the plan sponsor, but it may also be the TPA, depending on the nature of the services provided. Once it is understood where the documentation lives – and what it looks like – it is a matter of marshalling the resources to collect the requests.

A plan sponsor should document all plan decisions and maintain those documents in accordance with document retention policies. An employee’s participation in a plan may extend beyond their employment; some supporting documentation may need to continue beyond their employment as well. As 2020 has pushed an increasing number of companies into a virtual and paperless environment, it’s also important to be cognizant of cybersecurity. ERISA reporting often includes personally identifiable information (PII), which should be closely guarded. A company should be mindful of this when storing or transferring this data.

Communicate Proactively with Your Retirement Plan Service Provider Team and Auditor

When reviewing employee benefit plan data to prepare for an audit, it is not unusual to notice errors. These may relate to noncompliance with plan guidelines, as noted above, or other DOL guidance, such as late remittances or improper use of forfeitures. These sorts of issues come up frequently with employee benefit plans – so much so that the IRS and the Department of Labor have developed ways for errors to be documented, disclosed, and corrected without directly involving the regulators.

When an issue is uncovered, it is important to be proactive in addressing the issue. Allowing an issue to continue unchecked may result in more severe penalties and corrections for the plan sponsor. Additionally, having open and honest discussions about any issue with the auditor and TPA will allow a plan sponsor to correct the issue relatively quickly and put the policies in place to avoid similar issues in the future.


An ERISA audit can seem daunting. However, by following the advice above, a company can be confident in a smooth audit process. At the end of the day, the responsibility for the management of the retirement plan rests with the plan sponsor; a proactive and involved management team builds confidence that the plan is properly managed and monitored. A regular audit is part of the compliance requirements for large plans and an auditor, like a TPA or recordkeeper, can be a partner in helping ensure the plan maintains compliance with all relevant requirements.

For more information regarding employee benefit plan audits, contact your Keiter Opportunity Advisor. We are here to help.

Share this Insight:

About the Author

Colin M. Hannifin

Colin M. Hannifin, CPA, Business Assurance & Advisory Services Senior Manager

Colin is a Business Assurance & Advisory Services Senior Manager at Keiter. He has significant experience in public accounting for both the not-for-profit and private sectors. Colin’s clients rely on him for sound advice and insights on accounting regulations and changes that may impact their business.

More Insights from Colin M. Hannifin

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.


Contact Us