5 points affecting your 2022 benefit plan audit

New standards are ushering in fundamental changes in the format and content of the audit report issued under generally accepted auditing standards (GAAS).

These include the Statement on Auditing Standards (SAS) No. 134, Auditor Reporting and Amendments, including Amendments Addressing Disclosures in the Audit of Financial Statements Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA).

In addition, SAS No. 136 adds certain performance requirements for Employee Retirement Income Security Act of 1974 (ERISA) plan financial statement audit.

These standards are effective for reporting periods ending on or after December 15, 2021.

Here are five tips to keep in mind during this year’s audit season:

1. Contributions and managing the timely remittance of deferral deposits

Employee deferrals and loan repayments are subject to timeliness rules. It’s important for plan sponsors to understand that not adhering to these rules can be costly to a company. The general rule is that withholdings need to be deposited to the trust no later than the 15^th business day of the month following when these amounts are withheld.

However, the Labor Department can still consider deposits within this timeframe late. If your plan historically makes deposits within 3-5 business days but has even one deposit that occurs subsequent to this standard window, it could be considered late.

Plan sponsors should consult with their plan auditors and third-party administrator to determine whether a contribution is late, as corrective actions would be needed as well as reporting requirements for both the Form 5500 and audited financial statements.

2. Review of information prepared by third-party service providers

It’s not uncommon for plan sponsors to think that because they engage a third-party service provider like a trustee, custodian or recordkeeper, they are relieved of any related responsibilities for their plan. This is a dangerous misconception.

Even with a third-party service provider, plan sponsors still maintain fiduciary responsibilities for the appropriate oversight and review of all services provided. Failure to perform reviews of information prepared or provided by the third-party service providers could result in undetected errors or misstatements in plan financial reporting.

Therefore, plan sponsors should perform periodic reviews of reconciliations of information provided by its third-party service providers, including:

• Reconciling total plan assets per the participant detail (the sum of the individual participant account balances) provided by the plan’s recordkeeper to total plan assets reported by the plan’s trustee or custodian.
• Reviewing activity noted on the trust statement prepared by the plan’s trustee or custodian for reasonableness.

3. Understand definition of plan compensation

Every year it seems that new types of wages are being paid to employees. For instance, many employers have enhanced or changed paid sick leave policies for COVID-19 or have coded COVID-19 pay differently from other wages. Therefore, it’s a good idea to make sure plan sponsors know the definition of compensation included in the plan document.

Plan sponsors should compare the definition used in the plan document with the wages being used to calculate employer — and potentially employer-matching — contributions. This should be done or reverified each year to ensure the correct compensation is being used for the calculation of plan deferrals.

4. Plan expenses

Did you know that certain plan expenses may be paid directly from plan assets? If the plan document allows, certain expenses that could be paid with plan assets (not by the plan sponsor) include investment management fees, trustee/custodian/recordkeeping fees, professional fee, legal and audit and advisor fees.

When expenses are paid from plan assets, ensure the expenses are paid to legitimate vendors and they are calculated in accordance with service provider agreements. In cases where the plan sponsor has multiple benefit plans that use the same vendors, be sure there are correct allocations noted on the invoices to specify how much of the expense should be paid by each plan.

5. SOC 1 reports

As part of using a third-party service provider,  the plan sponsor provides a SOC 1 report that evaluates the service providers controls that are applicable to a user (plan sponsor) entity’s internal control over financial reporting.

It is a specifically designed report to meet the needs of user entities (plan sponsors) and the accountants who audit their financial statements and essentially provide an evaluation of the effectiveness of the service organization’s internal controls. Within the SOC 1 report, complementary user entity controls (CUECs) are operative measures that exist on a user entity (plan sponsor) level within a service-based organization.

Plan sponsors who outsource certain plan functions to a third-party must demonstrate they maintain certain controls over the plan and its operations to permit us to rely on the SOC 1 reports over the third party’s internal controls. One way to do this is to review the CUECs included in the SOC 1 report and document the controls in place at the plan sponsor level to ensure compliance.

Learn more about how Wipfli’s auditing services for employee benefit plans.

Sign up to receive more audit and accounting content in your inbox or continue reading on:

• SAS 134: Your new audit report is here. Are you ready?
• The Gap in GAAP: 9 parts of your financial statement that deserve extra scrutiny
• Lease accounting standards and their tax impact on financial institutions
• The biggest changes to your 2022 audit report