CERTIFIED PUBLIC ACCOUNTANTS & ADVISORS
A Heritage of Excellence | A Focus on Results | A Partner for Success
Internal Controls Best Practices: Preparing for an Audit
To keep your files and records current, accurate and audit-ready, make sure you are following internal controls best practices in the following key areas:
Permanent Files: Build an ERISA “Fiduciary Binder” with fully executed, signed and dated documents, including all the following:
• Plan Document: Custom Plan Document or Prototype Adoption Agreement and Basic Prototype Plan Document
• Plan Amendments
• IRS Determination Letter or Prototype Opinion Letter
• Request for Updated IRS Determination Letter
• Summary Plan Description
• Summary of Material Modifications
• Participant Loan Program (if not included within the Plan Document)
• Trust and/or Custodial Agreement(s) and related Amendments
• Investment Advisor Agreement
• Investment Policy Statement
• Insurance Contracts or Investment Contracts (generally applies w/ Insurance Company Custodians)
• Recordkeeping Agreement and/or Third-Party Wrap-Service Provider Agreement and related Amendments
• Actuarial Services Agreement(s) – Defined Benefit (DB) Plans
• Agency Agreement between Trustee/Custodian and Recordkeeper, if applicable
• Collective Bargaining Agreement(s)
• Maintain all documents in accordance with ERISA records retention rules
General Files: Maintain organized files for each Plan Year including:
• Correspondence to/from Regulatory Agencies
• Internal Revenue Service (IRS)
• Department of Labor (DOL)
• Pension Benefit Guaranty Corporation (PBGC) – Defined Benefit Plans
• Minutes of Plan Governance Meetings
• ERISA Fidelity Bond – Current Policy
• Support for Plan Corrections made during the Year
• IRS EPCRS Voluntary Compliance Program submissions
• IRS EPCRS Self-Correction Program
• Safe-Harbor Notices to Participants (Dated)
• All Communications to/from Participants (Dated)
• Nondiscrimination Testing - Results and Data
• Documentation Relating to Plan Mergers, Divestitures, Changes in Service Providers/Asset Transfers; Investment Fund Changes, etc.
• Form 5500 Filing w/related Audited Financial Statements (Large Plans)
• Related Parties/Parties-In-Interest Documentation
Internal Controls Information: Remember, the Plan Sponsor is responsible for the Plan’s internal control environment, including processes outsourced to external service providers (record keepers, trustees, actuaries, etc.) such as:
• Service Organization Annual Internal Controls Report (SOC 1 or SSAE 16 Report(s))
• Evaluate period covered by SOC 1 Report
• Evaluate Service Auditor’s Opinion
• Review SOC 1 report for control exceptions
• Evaluate impact to Plan’s processes and/or financial reporting
• Review SOC 1 “Complementary User Organization Controls” section and evaluate to verify these controls are implemented
• Internal Control Process Narratives
• Plan’s Contributions Remittance Process
IS YOUR PLAN AT RISK?
Cybersecurity:
• Review your written information security policies, including those regarding encryption
• Perform periodic testing of backup and recovery plans
• Evaluate your responsibility for losses, including adequacy of cybersecurity insurance coverage
• Establish training policies to reinforce data security
Annual Reporting Information: Accumulate and retain information for each Plan Year per ERISA retention rules in the following categories:
Completeness reconciliations for financial reporting:
• Reconcile all material activity occurring within the Plan
• Investment balance and activity (by fund and in detail) to amounts recorded by Trust
• Contributions (employee and employer) remitted per Plan Sponsor records to amounts recorded by Trust account
• Defined Contribution Plans: Ascertain timeliness of remittances of employee deferral contributions; correct any delinquent contributions
• Defined Benefit Plans: Verify timeliness of funding of employer contributions
• Benefit payment detail to total payments recorded by Trust account
• Participant loans detail to loans/activity recorded by Trust account
• Administrative expenses per contracts and agreements to amounts recorded by Trust
• Forfeiture Account and ERISA Funding Accounts activity
• Trust and custodial reports are generally maintained on the “Cash Basis”; financial reporting is generally “Accrual Basis”.
Investment Trustee/Custodian and record keeper information:
• Service Provider Log-In: Set up Plan Auditor Access
• Audit firms log-in for direct access to all Plan information and Participant account activity
• “Annual Audit Package” (Trust/Custodial Reporting Package)
• Investment Certification
• Plan Asset Summary (Trial Balance “Statement of Net Assets”)
• Changes in Plan Assets Summary (Trial Balance “Statement of Changes in Net Assets”)
• Detail Activity Reports
• Participant Account Activity Report(s)
• Stable Value Fund – Adjustment from Contract Value to Fair Value at Plan Year-End
• Insurance Contract/Investment Contract Annual Financial Statement Disclosure Information
• Benefits Payable at Year-end
Personnel file and payroll information:
• Review Plan Document to determine what types of demographic information are necessary to operate the Plan
• Demographic information to support Plan eligibility and/or participation
• Date of Hire/Rehire (eligibility/service requirement)
• Date of Birth (eligibility/age requirement; age-based in-service distributions)
• Hours Worked (service requirement or contributions allocation criteria)
• Date of Termination (termination distributions; eligibility upon rehire)
• Full-time or Part-time (eligibility)
• Union or Non-Union (eligibility; differing contributions formulas)
• Division or Location Codes
• Payroll Information to support employee and/or employer contributions
• Plan eligible compensation – detail by participant (Quarterly payroll tax returns, G/L, etc.)
• Employee contributions withheld from pay (Pre-Tax, Catch-Up, Roth, After-Tax, etc.)
• Employer contributions calculated by payroll (employer match or nonelective contributions)
• Support for year-end nonelective or “profit sharing” contributions
Please contact Liz Harper, CPA, Member in Charge
Sobel & Co. Employee Benefit Plan Audits Group • 973-994-9494 • [email protected]
Actuarial Information – Defined Benefit Plans:
• Plan Sponsor is responsible to engage qualified specialists; verify the qualifications of the Plan’s Actuarial Firm and Individual Actuary signing documents on behalf of the Plan
• Actuarial Valuation Report(s)
• Present Value of Accumulated Plan Benefits (PVAPB) and Changes in PVAPB
• Minimum Required Funding – Schedule of Quarterly and Final Contributions
• Actuarial Census Information
• Annual Certification of the Plan’s Funded Status
• Annual Schedule SB (Form 5500 Actuarial Schedule)
• Reconciliation of census information to actuarial valuation report
• Documentation supporting actuarial assumptions used by the Plan
• Request actuary perform periodic “Experience Study” to determine continued reasonableness of assumptions used
We are pleased to share this information with you about many of the important issues concerning your Employee Benefit Plan audit and your obligations as Plan Administrators or others with responsibility for the company’s Plan. This information is general in nature and may or may not apply to your specific situation. Any guidance or insights offered here should be confirmed with your own accounting and legal professionals. We are always available to help you as well.