Glaring deficiencies in employee benefit plan audits across the accounting industry have prompted the U.S. Department of Labor’s Employee Benefits Security Administration to put several initiatives in place to improve the quality of audits and auditors in the coming years. Is your Employee Benefit Plan Audit auditor preparing for these new standards?
Firms with smaller employee benefit plan practices and correspondingly high levels of audit deficiencies may be subject to more discipline enforced through their state boards of accountancy. The DOL is also recommending amendments to the ERISA Act of 1974 to impose civil penalties more often on CPAs who fail to meet qualifications to perform the audit — or if the audit is determined to be largely deficient.
DOL Recommendations to Improve Audit Quality
- Working with the American Institute of Certified Public Accountants Peer Review staff to improve the peer review process as it relates to employee benefit plans as well as enforcement of discipline on CPAs that don’t receive an acceptable peer review.
- Amending the definition of “qualified public accountant” to include additional qualifications to ensure quality employee benefit plan audits.
- Repealing the “limited-scope” audit exemption so that all auditors are required to file a formal and unqualified opinion — standing behind the quality of the organization’s financial statements.
- Adding more authority to the Secretary of Labor to establish special accounting principles and audit standards that relate to financial reporting issues of employee benefit plan audits.
- Expanding licensing requirements for CPAs that audit employee benefit plans. The AICPA is already planning to offer a certificate program to distinguish CPAs who specialize in EBP audits.
- Expanding education for plan administrators on the importance of hiring a qualified employee benefit plan auditor.
- Communicating with state boards of accountancy to ensure that only competent CPAs are performing employee benefit plan audits
- Communicating with state CPA societies to add employee benefit plan audit training opportunities, particularly in states that have a large number of CPA members performing only a handful of audits annually.
The very nature of employee benefit plan audits is changing to support higher quality audit services. Auditors performing the audit must be aware of these changes and the increased educational requirements and scrutiny. For example, the DOL is calling for more transparency in the audit report that includes listing all plan participants and their beneficiaries as well as outlining management’s responsibilities for the plan. If you need a refresher on plan administration compliance, review this DOL report.
Security Enhancements and Form Changes for Benefit Plan Audits
In addition to how information is laid out in the EBP audit report, plan administrators must be mindful of issues such as cyber security and changes to the Form 5500 that require additional information.
Administrator responsibilities regarding cyber security include:
- Written information security policies
- Periodic audits to detect cyber security threats
- Periodically tested back-up and recovery plans
- Responsibility for losses through cyber security insurance
- Training policies to reinforce security of data
Key changes to the Form 5500 include:
- New questions about unrelated business taxable income, in-service distributions and trust information
- A number of new provisions for multi-employer plans with 500 or more total participants (including retired employees or former employees that have not moved assets from the plan).
As you can see, plan administrators have a greater burden to hire a qualified auditor, given evolving training and certification of auditors and the complexity of the audit itself. It will greatly benefit any plan administrator or trustee to schedule time with a EBP auditor at Cornwell Jackson to understand these changes and pursue additional training if necessary.
Mike Rizkal, CPA is a partner in Cornwell Jackson’s Audit and Attest Service Group. In addition to providing advisory services to privately held, middle-market businesses, Mike oversees the firm’s ERISA practice, which includes annual audits of over 75 employee benefit plans. Contact him at email@example.com.
For more information, check out our benefit plan audit blog here.
Originally published on July 7, 2016. Updated on May 7, 2018.