An Auditor’s Perspective on 401(k) Plan Issues

Practice Management

Few professionals have a bird’s eye view of 401(k) plans like that of an auditor. One such professional offers his observations regarding issues and concerns 401(k) plans face and need to address.  

In “401(k) Plan Concerns—from the Auditor Perspective,” Bradley Bartels, a partner at Mann, Urrutia, CPAs, writes that in his work as an auditor of large ERISA 401(k) plans, he works with plans that have effective oversight, policies, procedures, control and communications; however, he also encounters plans that do not. And lacking those attributes is more serious than inefficiency and potential loss of income, he indicates—it also could spell the risk of litigation and corrective action by the Department of Labor or IRS. 

Bartels identifies the following issues that he has encountered with 401(k) plans, as well as why they matter, and what he suggests in each case. 

 

| Issue | Why it Matters | Suggestion(s) |
| --- | --- | --- |
| Lack of established retirement plan committee | A retirement plan committee, which includes named plan fiduciaries and managers who are involved in day-to-day operations, exercises oversight and reviews plan activity. | Hold meetings of the committee no less than once a quarter. |
| Lack of investment policy statement | An investment policy statement guides the fiduciaries and oversight committee regarding their roles and responsibilities, and includes allowable and unallowable plan activities. | The investment policy statement allows fiduciaries the flexibility to use their best judgment based upon circumstances. |
| Incorrect definition of “compensation issues” | Incorrectly defining compensation often results from the plan document defining compensation in too broad a manner, and plan sponsors incorrectly excluding some W-2 wage items. | Clearly define “compensation” and leave nothing to interpretation. Plan sponsors should periodically revisit the definition of “compensation” in the plan document to ensure that the plan is in compliance with it. |
| Not taking minutes at meetings of the retirement plan oversight committee | Meeting minutes are key documentation that show that the oversight committee is following the investment policy statement and properly overseeing plan activity; lack of minutes means that there is no evidence that the oversight committee is performing its duties. | Properly documented meeting minutes are key in defending against a lawsuit against the fiduciaries. |
| No documentation concerning review of investment fees and other fees | The number of publicized lawsuits against plan sponsors is an indication of the importance of this issue. Plan sponsors that have kept such detailed documentation have been successful in defending themselves against lawsuits about fees. | Plan sponsors should: (1) note in the meeting minutes that they periodically undergo a deliberate process to benchmark investment fees against other options, and (2) document the decision-making process regarding the selection of a particular investment class over other options whose fees might be lower. |
| No documentation of the annual review of service provider SOC-1 reports | Many plan sponsors are unaware of the existence of SOC-1 reports, which concern internal controls which have been tested at the service provider. The plan recordkeeper/custodian and the payroll provider usually are a plan’s key service providers. | Plan sponsor managers need to obtain and review SOC-1 reports annually to ensure there are no problems with internal controls which may affect the plan. The meeting minutes of the oversight committee should include the review of the reports, including how management responded to any issues the SOC-1 report noted. |
| Repeatedly late remittances of employee deferrals | Even when a plan uses a payroll provider that automatically remits employee contributions to the custodian, late remittance of employee contributions can still arise. Late remittances can result when there are occurrences such as issuance of off-cycle paychecks, and absence of key employees responsible for remitting employee deferrals with no backup. | Plan sponsors should review procedures and controls to ensure deferrals are consistently remitted in a timely manner. |
| Lack of controls and participant education concerning cybersecurity | Cyber criminals are trying to take advantage of employees’ fear, confusion and lack of knowledge. | Tell employees to be extra cautious about unexpected emails that seek information about, or distributions from, their 401(k)s. Make sure the team is skeptical of unexpected emails, including such emails concerning 401(k)s, and emails from known parties if they make unusual, unexpected or confusing requests. |