CERT IF IED PUBL IC ACCOUNTANTS & ADVISORS

A Heritage of Excellence | A Focus on Results | A Partner for Success

Internal Controls Best Practices: Preparing for an Audit

To keep your files and records current, accurate and audit-ready, make sure you are following internal controls best practices in the following key areas:

Permanent Files: Build an ERISA “Fiduciary Binder” with fully executed, signed and dated documents, including all the following:

• Plan Document: Custom Plan Document or Prototype Adoption Agreement and Basic Prototype Plan Document

• Plan Amendments• IRS Determination Letter or Prototype Opinion

Letter• Request for Updated IRS Determination Letter• Summary Plan Description• Summary of Material Modifications• Participant Loan Program (if not included within

the Plan Document)• Trust and/or Custodial Agreement(s) and related

Amendments• Investment Advisor Agreement• Investment Policy Statement• Insurance Contracts or Investment Contracts

(generally applies w/ Insurance Company Custodians)

• Recordkeeping Agreement and/or Third-Party Wrap-Service Provider Agreement and related Amendments

• Actuarial Services Agreement(s) – Defined Benefit (DB) Plans

• Agency Agreement between Trustee/Custodian and Recordkeeper, if applicable

• Collective Bargaining Agreement(s)• Maintain all documents in accordance with ERISA

records retention rules

General Files: Maintain organized files for each Plan Year including:

• Correspondence to/from Regulatory Agencies• Internal Revenue Service (IRS)• Department of Labor (DOL)• Pension Benefit Guaranty Corporation (PBGC)

– Defined Benefit Plans• Minutes of Plan Governance Meetings • ERISA Fidelity Bond – Current Policy• Support for Plan Corrections made during the Year

• IRS EPCRS Voluntary Compliance Program submissions

• IRS EPCRS Self-Correction Program • Safe-Harbor Notices to Participants (Dated)• All Communications to/from Participants (Dated)• Nondiscrimination Testing - Results and Data• Documentation Relating to Plan Mergers,

Divestitures, Changes in Service Providers/Asset Transfers; Investment Fund Changes, etc.

• Form 5500 Filing w/related Audited Financial Statements (Large Plans)

• Related Parties/Parties-In-Interest Documentation

A Heritage of Excellence | A Focus on Results | A Partner for Success A Heritage of Excellence | A Focus on Results | A Partner for Success

CERT IF IED PUBL IC ACCOUNTANTS & ADVISORS

Internal Controls Information: Remember, the Plan Sponsor is responsible for the Plan’s internal control environment, including processes outsourced to external service providers (record keepers, trustees, actuaries, etc.) such as:

• Service Organization Annual Internal Controls Report (SOC 1 or SSAE 16 Report(s))• Evaluate period covered by SOC 1 Report• Evaluate Service Auditor’s Opinion • Review SOC 1 report for control exceptions• Evaluate impact to Plan’s processes and/or

financial reporting• Review SOC 1 “Complementary User Organization

Controls” section and evaluate to verify these controls are implemented

• Internal Control Process Narratives• Plan’s Contributions Remittance Process

IS YOUR PLAN AT RISK?

Cybersecurity:

• Review your written information security policies, including those regarding encryption

• Perform periodic testing of backup and recovery plans• Evaluate your responsibility for losses, including

adequacy of cybersecurity insurance coverage• Establish training policies to reinforce data security

A Heritage of Excellence | A Focus on Results | A Partner for Success

CERT IF IED PUBL IC ACCOUNTANTS & ADVISORS

Annual Reporting Information: Accumulate and retain information for each Plan Year per ERISA retention rules in the following categories:

Completeness reconciliations for financial reporting:

• Reconcile all material activity occurring within the Plan

• Investment balance and activity (by fund and in detail) to amounts recorded by Trust

• Contributions (employee and employer) remitted per Plan Sponsor records to amounts recorded by Trust account• Defined Contribution Plans: Ascertain

timeliness of remittances of employee deferral contributions; correct any delinquent contributions

• Defined Benefit Plans: Verify timeliness of funding of employer contributions

• Benefit payment detail to total payments recorded by Trust account

• Participant loans detail to loans/activity recorded by Trust account

• Administrative expenses per contracts and agreements to amounts recorded by Trust• Forfeiture Account and ERISA Funding

Accounts activity• Trust and custodial reports are generally

maintained on the “Cash Basis”; financial reporting is generally “Accrual Basis”.

Investment Trustee/ Custodian and record keeper information:

• Service Provider Log-In Set up Plan Auditor Access• Audit firms log-in for direct access to all Plan

information and Participant account activity• “Annual Audit Package” (Trust/Custodial

Reporting Package)• Investment Certification • Plan Asset Summary (Trial Balance “Statement of

Net Assets”)• Changes in Plan Assets Summary (Trial Balance

“Statement of Changes in Net Assets”• Detail Activity Reports • Participant Account Activity Report(s) • Stable Value Fund – Adjustment from Contract

Value to Fair Value at Plan Year-End• Insurance Contract/Investment Contract Annual

Financial Statement Disclosure Information• Benefits Payable at Year-end

A Heritage of Excellence | A Focus on Results | A Partner for Success

CERT IF IED PUBL IC ACCOUNTANTS & ADVISORS

Personnel file and payroll information:

• Review Plan Document to determine what types of demographic information is necessary to operate the Plan

• Demographic information to support Plan eligibility and/or participation

• Date of Hire/Rehire (eligibility/service requirement)

• Date of Birth (eligibility/age requirement; age-based in-service distributions)

• Hours Worked (service requirement or contributions allocation criteria)

• Date of Termination (termination distributions; eligibility upon rehire)

• Full-time or Part-time (eligibility)• Union or Non-Union (eligibility; differing

contributions formulas)• Division or Location Codes • Payroll Information to support employee and/or

employer contributions • Plan eligible compensation – detail by participant

(Quarterly payroll tax returns, G/L, etc.)• Employee contributions withheld from pay

(Pre-Tax, Catch-Up, Roth, After-Tax, etc.) • Employer contributions calculated by payroll

(employer match or nonelective contributions)• Support for year-end nonelective or “profit

sharing” contributions

Please contact Liz Harper, CPA, Member in Charge

Sobel & Co. Employee Benefit Plan Audits Group973-994-9494 • elizabeth.harper@sobel-cpa.com

Actuarial Information – Defined Benefit Plans:

• Plan Sponsor is responsible to engage qualified specialists; verify the qualifications of the Plan’s Actuarial Firm and Individual Actuary signing documents on behalf of the Plan

• Actuarial Valuation Report(s) • Present Value of Accumulated Plans Benefits

(PVAPB) and Changes in PVAPB• Minimum Required Funding – Schedule of

Quarterly and Final Contributions• Actuarial Census Information• Annual Certification of the Plan’s Funded Status• Annual Schedule SB (Form 5500 Actuarial Schedule)• Reconciliation of census information to actuarial

valuation report• Documentation supporting actuarial

assumptions used by the Plan• Request actuary perform periodic “Experience

Study” to determine continued reasonableness of assumptions used

We are pleased to share this information with you regarding many of the important issues regarding your Employee Benefit Plan audit and your obligations as Plan Administrators or others with responsibility for the company’s Plan. This information is general in nature and may or may not apply to your specific situation. Any guidance or insights offered here should be confirmed with your own accounting and legal professionals. We are always available to help you as well.