Why CFOs must steer benefits audits to avoid fines, penalties

With the final deadline for employee benefit plan audits approaching, CFOs should play a front-and-center role in ensuring that third-party auditors are furnished with plan data, ideally with access to trustee technology platforms, Stacy Farber, a partner at Farmington Hills, Michigan-based accounting firm UHY LLP, told CFO Dive.

The Employee Retirement Income Security Act (ERISA) of 1974 generally requires plans with more than 100 participants to obtain an audit of the plan's financial statements annually and file form 5500 containing the financial details with the Internal Revenue Service. Under ERISA, an employee benefit plan includes pensions, 401(k) and A 403(b) plans.

The objective of benefit plan audits is to report information on the qualification of the plan, its financial condition, investments and the operations of the plan. The Department of Labor typically is involved in post-audit inquiries and enforcement actions, Farber said.

Benefit plan audits are due the last day of the seventh month after the plan year ends — July 31 for a calendar year plan — which can be extended to Oct. 15. Plans that have fewer than 100 plan participants will file Form 5500-SF, a simplified annual reporting form.

“The CFO is often the plan administrator, so they have the fiduciary responsibility to ensure that all of this is done correctly,” said Farber. “If DOL comes in, they can go into much more detail than we can as the auditors,” resulting in fines, penalties, interest, and the potential loss of tax-exempt status.

While an HR staff member may be coordinating the transmission of information to third-party auditors, it’s imperative for the CFO to be constantly engaged, said Farber.

Audits “tend to move a little bit faster because the CFO wants it done, so they'll tend to drive those people to get us what we need faster than when the CFO is not involved,” she said.

Auditors also should ideally have access to technology systems run by plan trustees, she added. Most of the time auditors are given read-only access to technology systems, and delays result in a small number of situations where auditors don’t have access and have to ask company staff to retrieve information.

The biggest problems typically include inconsistent remittances, the lack of timely payroll system updates when employees change their deferral percent or amount, and incorrect matching contributions, Farber said.

ERISA missteps can have serious financial consequences, with EBSA pursuing both civil and criminal actions. According to ERISA enforcement results data from the Employee Benefits Security Administration (EBSA) — part of the Department of Labor — for fiscal year 2022, total monetary recoveries were more than $1.4 billion.

Of that number, $931 million was recovered in civil investigations, including $542 million owed to terminated vested participants in plans that EBSA helped collect. Separately, EBSA investigations also led to the indictment of 103 people — including corporate officers, plan officials and service providers — for crimes related to employee benefit plans. While third-party auditors usually assess compliance through a sampling of transactions, EBSA can review all transactions, significantly magnifying the scope of the review.

CFOs should regularly review plan transaction reports to proactively address issues, said Farber.

“It is helpful to review the transactions occasionally,” as part of monthly or quarterly reports from plan trustees, she said. “It's a good idea, just to even look over them and make sure that somebody's maintaining a remittance schedule and reconciling that periodically, because that's going to help identify issues before the audit.”