
EBP Basics and Planning and risk assessment (1)

Date post: 07-Oct-2020

5/7/2019


Employee Benefit Plan Audit Training Part 1: 401(k) Basics, Introduction and Planning

Agenda

• ERISA rules

• Types of Plans

• Key Parties

• Planning and risk assessment

• Internal controls and risk assessment


ERISA

Employee Retirement Income Security Act (ERISA) of 1974

Governs operation, administration & annual reporting for pension & welfare plans

ERISA contains four Titles

• Title I—General DOL responsibilities

• Title II—Tax Law requirements

• Title III—Specific jurisdiction and enforcement procedures

• Title IV—Multiemployer plan matters


ERISA IS ADMINISTERED BY

Department of Labor (Employee Benefits Security Administration (EBSA))

Internal Revenue Service (IRS)

Pension Benefit Guaranty Corp. (PBGC)

Social Security Administration (SSA)


GENERAL REPORTING REQUIREMENTS

Requires annual reporting via the Form 5500, Form 5500-SF, or Form 5500-EZ

Plans with 120 or more participants may require a financial statement audit

Plans with under 100 may require a financial statement audit if certain waiver conditions are not met

Certain financial entities also file directly with the DOL—Direct Filing Entities

HELPFUL LINKS

• EBSA website

– http://www.dol.gov/ebsa/

• FAQs about pension plans and ERISA

– http://www.dol.gov/ebsa/faqs/faq_compliance_pension.html

• FAQs on the Small Pension Plan Audit Waiver Regulation

– http://www.dol.gov/ebsa/faqs/faq_auditwaiver.html

• FAQs about Abandoned Plans

– http://www.dol.gov/ebsa/faqs/faq-abplanreg.html

• FAQs about the DFVC Program

– http://www.dol.gov/ebsa/faqs/faq_DFVC.html


WHAT IS A 401(K) PLAN AND HOW DOES IT WORK?


DEFINED CONTRIBUTION PLAN

• A plan that provides an individual account for each participant and provides benefits that are based on all of the following: amounts contributed to the participant’s account by the employer or employee; investment experience; and any forfeitures allocated to the account, less any administrative expenses charged to the plan.

• Total of the individual participant accounts = net assets available for benefits


FEATURES OF A 401(K) PLAN

• Participant data

– Eligibility

– Auto enrollment

• Contributions

– Contribution limits

o Increasing limits EGTRRA

o Catch up contributions

o Rollover

– Vesting & forfeiture

– Eligible compensation

– Salary deferral

o Roth contributions

– Employer match

– Testing 415 (c) limits

o ADP/ACP testing limits

– Timeliness & reporting

FEATURES OF A 401(K) PLAN

• Investments

– Elections (participant directed vs. non-participant directed)

– Frequency of changes to elections

– Types of investments

– Valuation methods (daily valuation)

• Benefit Payments

– Distributions

– Eligibility

– Rollover

– Reporting


Other

• Participant loans

• Parties In Interest (PII)

• Prohibited Transactions (PT)

• Expenses and new reporting


WHAT MAKES A 401(K) PLAN DIFFERENT?

• Four things differentiate a 401(k) plan from other retirement plans.

1. When you participate in a 401(k) plan, you tell your employer how much you want to go into the account. You can put a portion of your wages into the account each month, but the employer has the right to limit that amount. The IRS limits the total annual contribution, which is increased for cost-of-living each year.

2. The money contributed comes out of your paycheck before you ever have a chance to get your hands on it. That makes the 401(k) one of the most painless ways to save for retirement.


WHAT MAKES A 401(K) PLAN DIFFERENT?

3. If you’re lucky, your employer will match a portion of your contributions. Your employer wants you to participate in the plan because of compliance issues we’ll talk about later. The matched amount they offer (the free money part) is your incentive to participate.

4. The money is invested in mutual funds, bonds, money market funds, etc. You choose which of the investments offered by the plan you want to invest in. The plan has a list of investment vehicles you can choose from as well as some guidelines for the level of risk you are willing to take.

• The drawback to the 401(k)? Generally, if you withdraw your money before you are 59.5 years old, you’ll have to pay the tax on it, PLUS a 10% penalty to the IRS.


KEY PLAYERS AND THEIR ROLES

• Plan

– Plan sponsor

– Plan administrator

– Plan participants

– Plan governance committee

– Human resources

– Treasury department

– Payroll department

• Service Providers

– Trustee/custodian

– Investment advisor

– Recordkeeper

– ERISA legal counsel

– Payroll processor

– Appraiser

– Outside administrator (TPA)


PLAN SPONSOR

• An employer that establishes a 401(k) plan for the benefit of their employees. The Plan Sponsor determines how the 401(k) plan will operate.


PLAN ADMINISTRATOR

• The person identified in the plan document, by the plan sponsor, as having responsibility for the day-to-day operation of the plan. It could be the employer, a committee of employees, a company executive, or someone hired for that purpose.


PLAN GOVERNANCE COMMITTEE

• The person or people with responsibility for overseeing the strategic direction of the plan and obligations related to the accountability of the plan.


PAYROLL DEPARTMENT

• Department within the company that is generally responsible for participants’ earnings and census data, such as hire date, termination date, sex, marital status, date of birth, etc.

• This function can be outsourced to a third party payroll provider.


TRUSTEE/CUSTODIAN

• Plan assets are required to be held in trust to assure that assets are used solely for the benefit of the participants and their beneficiaries. The Plan Sponsor can elect to serve as the trustee or hire an outside party to serve as trustee.

• If the Plan Sponsor elects to serve as the trustee, a custodian is hired to hold plan investments.

• Functionally, there is little difference between a custodian and a trustee as both hold plan investments.


INVESTMENT ADVISOR

• Hired by the plan sponsor, the investment advisor provides investment advice, research services, and certain administrative services.


RECORDKEEPER

• The recordkeeper will track and properly allocate contributions, earnings and losses, plan investments, expenses, and benefit distributions. In addition, the recordkeeper will usually help prepare the plan’s annual return/report (Form 5500).


OVERSIGHT AGENCIES

• Department of Labor (DOL)

• Internal Revenue Service (IRS)

• Public Company Accounting Oversight Board (PCAOB)

• Securities and Exchange Commission (SEC)

SOURCES OF PLAN INFORMATION

• Investment assets records – provided by the trustee/custodian and/or Plan Sponsor

• Participant data – Plan Sponsor

• Contribution records – Plan Sponsor

• Distribution records – Plan Sponsor and/or recordkeeper

• Individual participant’s account information – recordkeeper

• General accounting records – recordkeeper and trustee/custodian

• SOC 1 report – recordkeeper and/or trustee/custodian


PARTY IN INTEREST/PROHIBITED TRANSACTIONS

• A party in interest is a

– fiduciary or employee of the plan,

– any person who provides services to the plan,

– an employer whose employees are covered by the plan,

– an employee association whose members are covered by the plan,

– a person who owns 50 percent or more of such an employer or employee association,

– relatives of the persons just listed

• A prohibited transaction is a transaction between a plan and a party in interest that is prohibited under Section 406(a) of ERISA

– Statutory and administrative exemptions are available


AUDIT PLANNING AND RISK ASSESSMENT


AUDIT PLANNING AND RISK ASSESSMENT

• Planning and General Auditing Considerations

– Establishing the overall audit strategy for the engagement and developing an audit plan

• Risk assessment procedures

– All of the procedures performed to obtain an understanding of the plan and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and relevant assertion levels


PLANNING AND GENERAL AUDITING CONSIDERATIONS

• Client acceptance and continuance

• Audit scope

• Agree to terms of engagement (engagement letter)

• Communication with those charged with governance

• Establish audit strategy & plan


NON-ATTEST SERVICES AND AICPA INDEPENDENCE RULES

• Revised Ethics Rules—effective for periods beginning on or after December 15, 2014

• Services no longer considered part of the audit

– Financial statement preparation

– Cash-to-accrual conversions

– Reconciliations

– Other

• Permitted to assist management with financial statement preparation, but must make certain the requirements are met and other non-attest services do not have a cumulative effect

COORDINATION AND COMMUNICATION

• Planning meeting with client

– Agree on scope of audit and timing

– Communication with those charged with governance (TCWG)

– Planning meeting well in advance of audit fieldwork may significantly improve both effectiveness and efficiency of the audit

• Coordination with Plan’s service providers

– Recordkeepers

– Trustees/Custodians/Insurance Companies

– Investment advisors or managers


COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE (TCWG)

• Identifying TCWG

– Inquire with management and consider parties with oversight responsibilities

– TCWG may consist solely of the company owner who is also the plan administrator

– A committee of employees – plan administrative committee or investment committee

– Audit committee of the plan sponsor

• Engagement Letter

– Required communications may be included in engagement letter with a copy provided to TCWG

– Example engagement letter included in Chapter 2 of the AICPA Audit & Accounting Guide, Employee Benefit Plans (AEBP)

ESTABLISH AUDIT STRATEGY & PLAN

• Strategy - Scope, timing and direction of the audit, including development of audit plan

• Planning is an iterative process throughout the audit

• Considerations:

– Coordination with audit of plan sponsor

– Use of internal auditors

– Involvement of specialists (management’s vs auditor’s)

– Transactions processed by service organizations

– Related party and party-in-interest transactions

– Initial audits of the plan (AU-C 510)


RISK ASSESSMENT

RISK ASSESSMENT

• Risks of material misstatement

– Financial statement level

– Assertion level for classes of transactions, account balances, and disclosures

• Financial statement level risks examples

– Lack of oversight and monitoring of plan operations and service providers

– Lack of segregation of duties and access to assets

• Assertion level risks examples

– Valuation of investments, particularly those with unobservable inputs.

– Accuracy of contribution and benefit payment amounts


DETERMINE PLANNING MATERIALITY

• Matter of professional judgment

• Common benchmarks for 401(k) Plans

– Total assets

– Net assets available for benefits

– Beginning of the year net assets available for benefits for a plan that was merged out of existence or completely terminated during the audit period.

– Benefit payments for a terminating plan

• Performance materiality:

– the amount or amounts set by the auditor at less than materiality to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole


DETERMINE PLANNING MATERIALITY

• Unique aspect of employee benefit plan audits

– Immaterial identified differences may require investigation as they may affect the qualified status of the plan

– All errors affecting participant accounts or resulting in a prohibited transaction must be corrected for the plan to maintain its tax qualified status

– All known errors with widespread implications should be quantified and evaluated for overall financial statement effect


OBTAIN AN UNDERSTANDING OF THE PLAN, ITS ENVIRONMENT, INCLUDING ITS INTERNAL CONTROL

• Strong understanding of the Plan is KEY to a successful audit

– Spend the time to read the Plan document, amendments and service provider agreements

– Inquire regarding changes in the Plan or changes in operations

• Plan environment includes the plan sponsor as well as service providers and regulatory factors


RISK ASSESSMENT PROCEDURES

• Inquiries with management and others

• Analytical procedures

• Observation and inspection

• Audit team discussion meeting(s) on risk assessment


PERFORM ANALYTICAL PROCEDURES

• Focus of analytical procedures

– Enhance auditor’s understanding of the plan and operations

– Identify areas that may represent specific risks

• Develop expectations

– Comparison to prior years

– Average contribution per participant

– Number of distributions or average distribution amount

– Investment earnings compared to relevant benchmarks

o For full scope audits


PERFORM OBSERVATION AND INSPECTION

• Inspection to corroborate your inquiries

• Required to understand design of controls and implementation

• Document review

– Committee minutes

– Plan document, amendments, service provider agreements

– SOC 1 reports

– Reconciliations of payroll records to trust records for contributions

– New hire package (and other evidence of controls)


ASPECTS TO UNDERSTAND ABOUT THE PLAN AND ITS ENVIRONMENT

• Industry, regulatory and other external factors

– Review annual AICPA EBP Audit Risk Alert

– Consider investment market performance

– Understand regulatory requirements for plans

• Nature of the Plan

– Plan provisions, such as eligibility criteria, vesting schedule, etc.

– Employer matching and/or profit sharing contributions

– Fully or partially participant directed

– Variety of service providers and who does what


ASPECTS TO UNDERSTAND ABOUT THE PLAN AND ITS ENVIRONMENT

• Related business risks that may result in a material misstatement

– Complexity (compensation or matching formulas)

– Hard to value investments

– Plan sponsor’s financial status

– Plan compliance failure

• Measurement and review of the Plan’s financial performance

– Who monitors performance of plan assets or performance of investment options and what is the frequency?

– Evidence of Plan sponsor’s understanding of their fiduciary responsibilities


INTERNAL CONTROLS AND RISK ASSESSMENT


ASPECTS TO UNDERSTAND ABOUT THE PLAN AND ITS ENVIRONMENT

• Internal controls

– Consider the controls in place at the plan sponsor

– Also consider the controls in place at outside service providers

o What is the significance of the service provided

o Availability of SOC 1 reports

o Includes payroll processing, recordkeeping and investment activities


INTERNAL CONTROLS

• Key controls relevant to Plan are generally related to payroll cycle

– Eligibility, compensation, service for vesting, elective deferral rates

• Components of internal control maintained by service provider

– Obtain and review SOC 1 report for controls relevant to the Plan

– Review user controls identified in the SOC 1 and determine that they are in place and working at the plan sponsor

• Identify IT controls both at plan sponsor and service provider

– Focus on access controls at plan sponsor

– Enhanced importance/risk if sponsor processes payroll in-house


EXAMPLE EBP PROCEDURES THAT MAY INCLUDE CONTROLS

• The activities, including IT activities, within payroll and the human resources or benefits (human resources information systems [HRISs]) that include information such as salary; hours worked; demographics (for example, sex and date of birth); and date of hire and termination

• Authorization and information processing for certain plan activities, such as

– Eligibility and enrollment

– Employer and employee contributions, and

– Payment of distributions

• Transmitting information between the plan sponsor’s systems and service organizations

• Approving, monitoring, and valuing plan investments


EXAMPLE EBP PROCEDURES THAT MAY INCLUDE CONTROLS

• Monitoring information provided by service organizations

• Monitoring activities outsourced to service organizations

• The financial statement preparation and closing process

• Maintaining the plan’s tax advantaged status (for example, timely plan amendments and performance of applicable compliance tests)

• Maintaining substantial compliance with applicable laws and regulations (for example, nonexempt transactions, reporting and disclosure, and income tax withholding on distributions)


SERVICES PROVIDED BY SERVICE ORGANIZATIONS

• Maintenance of the accounting records

• Management of the investments

• Processing of investment transactions

• Safeguarding of assets held by custodians

• Maintenance of the individual participant accounts

• Processing of the benefit payments

• Processing and maintenance of participant loans

• Adjudication and payment of claims

• Processing of payroll transactions

• Processing enrollment of participants

• Maintenance of participant data (such as census data)


IMPACT OF SERVICE ORGANIZATIONS ON PLAN’S INTERNAL CONTROL

• Who has control of the assets and participant accounts?

• Where are participant and investment records?

– Bank

– Insurance company

– Investment advisor

– Recordkeeper

TYPICAL EBP SERVICE ORGANIZATIONS

• Bank trust departments

• Recordkeeping companies

• Claims processing companies

• Actuarial firms

• Insurance companies

• Payroll processing companies


TYPE 1 OR TYPE 2

• Type 1 - Report on Policies and Procedures Placed in Operation

• Type 2 - Report on Policies and Procedures Placed in Operation and Tests of Operating Effectiveness

• Two standards

– Guidance for auditors auditing the financial statements of entities that use a service organization (user auditors)

o AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization

– Guidance for auditors reporting on controls at the service organization (service auditors)

o SSAE No. 16 – Reporting on Controls of a Service Organization

INTERNAL CONTROL

• Review controls over areas identified in risk assessment process concentrating on significant and high-risk areas

• Be very aware of fraud risks as well as financial statement risks

• If succeeding another auditor, review the predecessor firm’s internal control documentation and AU-C 265 Communications

• Build on internal control summaries and testing at plan sponsor if you audit the sponsor

• Goal is to understand and document controls, consider them in risk assessment, and use those considerations to design effective audit procedures


CONSIDERATION OF FRAUD

• Requires the auditor to assess the risk of material misstatement due to fraud and provides categories of risk factors

• Document in the workpapers:

– Risk factors

– Response to those risk factors

– Other considerations

AUDIT TEAM RISK ASSESSMENT DISCUSSIONS

• Potential for material misstatement due to fraud

– Specific discussions regarding fraud risks are required

• All members of engagement team should be present

• Individual meetings/discussion for each individual EBP audit engagement

• Good opportunity to get engagement partner “engaged” in planning decisions early to improve engagement effectiveness & efficiency


IDENTIFY FRAUD RISKS

• Team discussions

• Inquiries of management and others

– Inquiries with service providers

• Results of analytical procedures

• Existence of fraud risk factors

• Consider controls that address identified fraud risks

TYPICAL FRAUD RISK FACTORS – 401(K) PLANS

• Financial stability of plan sponsor

– Inappropriate use of forfeitures

– Delay in remitting employee or employer contributions

– Administrative expenses to inappropriate vendors

• Inadequate segregation of duties and/or oversight

– Misallocation of contributions to participant accounts

– Benefit payments to ineligible/incorrect individuals

– Ineligible or fictitious participants

• Management override of controls

– Examine journal entries

– Review estimates for bias


ASSESS THE RISK OF MATERIAL MISSTATEMENT

• Review risks identified while obtaining an understanding of the plan, environment & controls

• Relate the identified risks as to what could go wrong at the relevant assertion level

• Consider the likelihood that the risk could result in a material misstatement


RISK ASSESSMENT AND DESIGN OF FURTHER AUDIT PROCEDURES

• Assess the risk of material misstatement

• Identify significant risks

• Identify risks for which substantive procedures alone are not sufficient

• Design further audit procedures


RISKS FOR WHICH SUBSTANTIVE PROCEDURES ALONE ARE INSUFFICIENT

• Participant directed transactions highly electronic

– Enrollment and changes to elective deferrals

– Investment election and changes

– Participant loan requests and other distribution requests

• Generally requires some reliance on effective internal controls

– Tests of controls

o Degree of reliance on SOC 1

– Confirmation with participants

– Obtaining system logs from service provider


DESIGNING FURTHER AUDIT PROCEDURES

• Determine overall responses to assessed risks

– Professional skepticism, use of experienced staff

– Using specialists (internal or external)

– Incorporating elements of unpredictability

• Tests of controls, substantive tests or combined tests

– 401(k) plans are frequently good candidates for combined tests

o Eligibility, contributions, distributions

• Consider SOC 1 reliance

• Provide a clear linkage between risks identified and audit procedures


SIGNIFICANT RISKS COMMON TO 401(K) PLANS

• Incorrect definition of compensation

• Employee contributions not remitted in accordance with DOL regulations

• Hard to value investments not at fair value

• Insufficient disclosure of hard to value investments

• Integrity of individual balances not maintained

• Incomplete transfer of assets from another plan

DISCUSSION QUESTION

• How does your firm commonly document the risk and link the risk assessment steps in your EBP audits?


Employee Benefit Plan Audit Quality Center

Common Best Practices of Risk Assessment

On an Excel spreadsheet, we accumulate and assess all risks identified during risk assessment procedures. In addition, we document our conclusion based on the results of the risk response. Our documentation includes the following for each identified risk:

- Identified risk of misstatement

- Related assertion

- Whether the risk of misstatement is possible or known

- Accounts or Disclosures Impacted

- Likelihood of potential misstatements

- Magnitude of potential misstatements

- Possibility risk could result in a material misstatement

- Does the possibility that the risk could result in a material misstatement depend on controls testing

- Whether the risk is a significant risk and/or a material fraud risk

- Whether an audit response is required for this risk (will be yes unless the possibility the risk could result in a material misstatement is low, the possibility the risk could result in material misstatement is not dependent on control testing and the risk is not a significant risk or material fraud risk)

- Where is the understanding of the design and corroboration of controls related to this risk documented

- Substantive response to identified risk of material misstatement

- Location of the substantive testing

- Was the risk sufficiently mitigated (yes or no)

Questions and Answers


AGENDA

• Plan document, SOC 1, and payroll testing

• Participant data testing

• Contribution testing

• Parties in interest and prohibited transactions

Topics Discussed on Part 1

• ERISA rules

• Types of plans

• Key parties

• Planning and risk assessment

• Internal controls


Plan Document

• Types

– Plan specific (rarely used by smaller plans)

– Prototype

o Standardized (most common)

o Nonstandardized

– Volume submitter (sample plan to be used by a provider sent to IRS for review)

• Determination letter

– Not required

• Amendments

• Adoption agreement

– “Roadmap” to plan operation

– More specific than basic plan document

• Summary Plan Description (useful but not a substitute)

Plan Document (Cont.)

• Purpose/Scope

• Eligibility to participate

– Funding

o Employer

o Employee

– Entitlement to benefits

o Vesting

o Timing

– Plan operation and administration

– Fiduciary duties

o Run the plan solely to benefit participants

o Must act prudently (investment diversification)


Plan Document (Cont.)

• Auditor’s Concern

– Must disclose key provisions in notes

– Plan document compliance dictates procedures

o Contributions (limits, matching, timing)

o Benefits (vesting, timing and availability)

o Eligibility (satisfy minimum requirements but may go beyond)

o Eligible compensation (used to calculate contributions)

– Key to establishing internal control

– May require discussion with legal counsel

o Must not discriminate

– Read and consider in planning process

EBPAQC PLAN DOCUMENT TOOL

Assist members in understanding the plan entity and in designing substantive audit tests in various audit areas by summarizing key plan provisions that may be relevant to the plan audit.

The tool is presented in Word format to allow auditors to cut and paste information to the audit program or other audit documentation as necessary. It may be included in the permanent file and updated each year as the plan is amended. It is not intended to replace the plan document in the audit files, but rather is a supplement that summarizes pertinent plan document information.

• Internal control of plans typically consists of two levels

– Plan sponsor

– Applicable service organizations

• Service Organizations

– Typically the Trustee/Custodian

o Contributions

o Distributions

o Investment custody, valuation, and transactions

– Third Party Administrator (TPA) or a payroll service

– Recordkeeper

• Different Types

– Type I (Design)

– Type II (Design and Operation)

SOC 1 Reports

• Effect on audit procedures

– Type I-

o Provide information to assess risk (i.e., design of controls)

o No basis to conclude on operating effectiveness without testing

– Type II-

o Provide information to assess risk (i.e., design of controls)

o Provide a basis to rely on effective operations of controls and therefore REDUCE the extent of testing

• Read the report

– Period under audit versus period tested in report

– Referencing specific testing to plan attributes

– Plan sponsor controls (user controls)

SOC 1 Reports

• AU-C Section 402, Audit Considerations Relating to an Entity Using a Service Organization

• The user auditor should be satisfied regarding the following:

– The service auditor’s professional competence and independence from the service organization

– The adequacy of the standards under which the type 1 or type 2 SOC 1 report was issued.

• The user auditor should consider the following:

– Document procedures performed

– Understand the services the user entity was contracted for

– Determine the report covers appropriate controls

– Evaluate the proper date and period

– If appropriate operating effectiveness had been tested, auditor may reduce testing

SOC 1 Reports

• May need more than one SOC 1 Report for different systems

• Need to understand the plan sponsor’s complementary user controls and that they are effective

• Service Auditor’s report contains exceptions in testing and/or a modified report

• Communicating to plan management and/or plan governance internal control matters

• Fraud risk factors related to service providers

SOC 1 Reports Considerations

• Payroll controls, IT or manual, are important

– Contributions are usually a component of a participant’s payroll

– Rely on payroll controls

o Hiring

o Termination

o Proper salary or wages

o Proper payroll deductions for deferrals

o Bonus

• Test payroll controls/refer to payroll testing in plan sponsor audit

– Document that payroll was substantively tested (and ensure it was tested) in plan sponsor audit

– If you do not audit plan sponsor, test payroll controls

Payroll

Participant Data and Allocations

• 401(k) plans provide an individual account for each participant and provide benefits based on the following:

– Amount contributed by the participant

– Amount contributed by the employer

– Investment income (loss)

– Plan expenses

• When a participant withdraws from a plan, the amount paid to the participant is the amount allocated to that participant account

Participant Data and Allocations

• Relevant Assertions:

– The accuracy of the allocation of net assets to the individual participant accounts in accordance with the plan document.

– The completeness and valuation of participant accounts (including the forfeiture account) in total.

– The authorization of participant transactions and the accuracy that such transactions have been executed at the proper amount, in the proper period, and in accordance with the plan document and participant’s direction.

Participant Data and Allocations

• Examples of identified risks of what could go wrong for participant data include:

– Participant investment options or salary deferral amounts may not be in accordance with their stated elections

– Allocations of income or expenses may be inaccurate, causing the participant’s account to be overstated or understated

– Lack of reconciliations or improperly prepared reconciliations by management could result in missing contributions or improper allocations.

– Employees not included or inappropriately excluded from participating based on the plan’s provisions.

Participant Data and Allocations

• Examples of identified risks of what could go wrong for participant data include:

– Employee and employer contributions are incorrect due to the use of a definition of compensation different from the plan’s provisions.

– Incorrect compensation or hours are used to determine compensation for plan purposes

Participant Data and Allocations

• Types of participant data that are tested vary from plan to plan and may include:

– Demographic data

o Date of Hire (DOH)

o Date of Birth (DOB)

o Date of Termination (DOT)

o Hours of service

• Payroll Data

– Wage rate

– Hours worked

– Earnings

– Contributions to the Plan

– Definition of compensation in plan document is essential

o Inclusion/exclusion of fringe benefits

o “W-2” or gross wages as a starting point

• Utilize work done on corporate audit

• Utilize SOC 1, if available

Participant Data

• Audit steps

– Compare appropriate demographic data from employer files to data maintained by the recordkeeper.

– Once you determine the eligibility requirements of the Plan, scan the census data for all employees outside those requirements. Then, select a few to see that they are not in the Plan.

– As a test for fraud, consider specifically looking at those in a position to influence the plan (i.e. payroll, human resources, CFO, etc.) to make sure they are not allowed to enter the Plan prior to meeting the eligibility requirements.

– Agree and reconcile employee deferrals from the census data to participant detail in total and for a sample of participants.

Participant Data

• Potential audit steps

– Test the summarization of payroll journal to census data and trace postings of gross pay to general ledger.

– Test payroll data for one or more pay periods and for a number of participants by:

o Tracing the individual payrolls from the payroll journal to earnings records

o For participants paid on an hourly basis, testing payroll hours, or other supporting evidence and testing the computation of hours.

o Testing rates of pay to authorizations

o Testing calculations of earnings

o Reviewing personnel files for hiring notice, employment data, pay rates, etc.

o Determine that deferral rates are applied to defined compensation

Participant Data

• Errors found in testing

– Eligibility:

o Employees not allowed to participate because they are “part-time”. Many part-time employees have enough hours to satisfy the hour requirement.

o Small businesses – look for spouses who are participating in the Plan, but who do not work for the company.

o Watch for failure to notify employees of eligibility. Does the workforce speak English and can they understand the Plan materials?

o Break-in-service – Company didn’t allow participants back in the Plan upon rehire in accordance with Plan document.

Participant Data

• Errors found in testing

– Eligibility, cont:

o Plan Sponsor outsourced informing employees of eligibility. Outsourced service provider didn’t inform anyone for a year of their eligibility. Plan Sponsor is responsible for making sure service provider performs their duties.

o Compensation as defined by the plan included bonuses, but employee deferrals were calculated excluding bonuses. Plan Sponsor had to make additional contributions to make these employees whole.

Participant Data

• Automatic enrollment – what is it?

– A Company may automatically enroll employees in the Plan at a certain date as defined in the Plan document (i.e. date of hire, 3 months of service, etc.) unless the participant elects out of the Plan.

– Plans with auto enrollment features will have a stated deferral rate that they will enroll the participant at as well as a qualified default investment in which to put the contributions if the participant does not give investment direction timely.

– There can also be auto escalation clauses whereby each year of service, the participant’s contributions are automatically increased by a certain percentage as defined in the Plan unless elected differently by the participant.

– The participant has 90 days after the first contribution to get their money back if they did not intend to enroll and didn’t elect out timely.

Automatic Enrollment

Participant Testing

Participant Allocations

• Potential audit steps

– Participant allocation to individual investments – testing is typically a combination of:

o Reliance on SOC 1 (refer to previous webinar).

o Confirmation with participant (that they did not have any issues with their allocations).

o Overall analytical review of participant accounts.

– Determine whether the sum of the individual accounts reconciles with the total net assets available for benefits.

– Testing mathematical accuracy of individual participant accounts and determining whether opening participant account balance matches ending balance from the prior year statement.

Workpaper Documentation Tips

• Information to consider including for participant data and allocations testing

– Plan provisions

– Participant allocation report

o by investment type

o by money type (EE contribution, ER match, Profit-sharing, rollover, etc)

– SOC1 report and related checklist

– Payroll data - compensation

– Participant hire date and age documentation, as applicable

– Participant election forms

– Confirmations

Changes in Plan Recordkeeper

• Changes in outside recordkeepers are common but can increase risk if not managed properly

• Plan sponsors have a fiduciary responsibility to ensure that the change is monitored and performed properly

Changes in Plan Recordkeeper

Overall Risks - What Can Go Wrong

• Data transferred (participant/payroll) is not accurate or complete

• Changes in plan design

Changes in Plan Recordkeeper

What Can Go Wrong for a 401(k) Plan

• Potential delays in remitting employee deferrals which could be deemed a PROHIBITED TRANSACTION

• Participant data transfers, forfeitures

• Challenges in change in plan administration – paper to paperless

• What’s new for participants

• Participant notes receivable

• SOC 1 vs no SOC 1

• Auto enrollment or de minimis cash outs?

Workpaper Documentation Tips

• Key information to include in audit documentation

– Prior recordkeeper

o Allocation report by investment type

o Allocation report by money type (EE contribution, ER match, Profit-sharing, rollover, etc)

o Reconciliation between allocation report and investment statement

– Current recordkeeper

o Allocation report by investment type

o Allocation report by money type (EE contribution, ER match, Profit-sharing, rollover, etc)

o Reconciliation between allocation report and investment statement

Workpaper Documentation Tips

• Key information to include in audit documentation

– Minutes documenting approval of change in service provider

– Consider obtaining communication regarding transfer to employees

o Mapping between funds

o Re-election of investments

o Same investment options

Contributions and Contributions Receivable Assertions

• Amounts received or due have been appropriately determined, recorded and disclosed in the proper period, in conformity with the plan’s provisions and with the applicable financial reporting framework

• An appropriate allowance has been made for uncollectible amounts

• Participant’s contributions are authorized and have been executed at the proper amount, in the proper period and in accordance with the plan and at the participant’s direction

Contributions and Contributions Receivable Assertions (Cont)

• All active participants have been properly included in the employee eligibility reports and contribution records

• Appropriate and accurate participant data, including payroll information, is being utilized in determining amounts contributed to the plan

Contributions Received and Receivable

• Read the Plan Document – know what types of contributions are allowed in the Plan.

– Employee contributions – does the Plan allow catch-ups? Rollovers? After-tax? Roth?

– Employer contributions – is the Plan a safe harbor plan? Do they have a matching contribution and/or a profit sharing contribution?

Contributions

• Types of Contributions

– Employee

o Pre-tax

o Catch-up contributions

o After-tax

o Roth

o Rollovers

– Employer

o Matching

o Safe Harbor

o Profit sharing

o Discretionary

o Qualified non-elective contributions (QNEC)

– Merged plans

Contributions

• Definition of compensation

– Applying an incorrect definition of compensation is one of the most common operational errors for a DC plan

– Read the Plan Document

– Identify the types of compensation that are included and the types that are excluded

o Bonuses, commissions, shift differentials, moving costs, etc.

– May have different definitions for different calculations (deferrals vs match)

– LLCs – risk of neglecting to include K-1 earnings

– Application of IRC annual compensation limit

• Knowing the specifics here will help you design effective samples as well as appropriate tests

Contributions – Example Substantive Procedures

• Agreeing total contribution amounts (by type) from the plan sponsor’s records to the plan’s reports (e.g. trustee or custodian/recordkeeper reports)

• Perform analytical procedures and compare results to prior period and expectations (e.g. average deferral per participant; ratio of employer match to participant deferrals)

Contributions – Example Substantive Procedures

• Testing whether forfeiture amounts, if any, have been properly applied in accordance with the plan document

• Vouching contributions to wire transfer notices or other supporting evidence

• Determine that accruals for contributions have been recorded in accordance with the applicable financial reporting framework and test the amounts of such accruals, such as by vouching to subsequent receipt

Contributions – Example Substantive Procedures

• Evaluating the reasonableness of the plan’s allowance for estimated uncollectible accounts

• Employer profit sharing contributions and discretionary contributions – Agree to authorization in minutes. Recalculate allocation to a sample of individual participant accounts.

• Employer contributions – Qualified Non-Elective Contributions – Agree the calculation of the QNEC provided by the TPA to the Plan in total and for a sample of individual participant accounts.

Contributions – Example Substantive Procedures

• Obtaining a schedule or inquiring of plan management about the timeliness of employee salary deferral contribution remittances to the plan. Failure to timely remit such amounts constitutes a prohibited transaction.

Rollover Contributions – Example Substantive Procedures

• Determine plan document allows for rollovers

• Obtain a listing of rollovers and agree to the plan’s financial statements

• For sample of rollovers:

– Test investment elections, if applicable

– Test that the rollover amount was properly applied to the correct participant’s account

Errors Found in Testing Contributions

• One pay period of deferrals was never received by the Plan.

• Payroll service was erroneously calculating the match by failing to treat Roth deferrals as a deferral eligible for match.

• Participant contributions were credited to the wrong participant’s account.

• Lots of errors in the definition of compensation (e.g. improperly including/excluding bonuses). Make sure the person in charge of determining eligible compensation knows the plan document.

• Late remittances – Watch out for manual check runs and decentralized payroll operations.

Party in Interest/Prohibited Transactions

• A party in interest is a

– fiduciary or employee of the plan,

– any person who provides services to the plan,

– an employer whose employees are covered by the plan,

– an employee association whose members are covered by the plan,

– a person who owns 50 percent or more of such an employer or employee association,

– Relatives of such person just listed

• A prohibited transaction is a transaction between a plan and a party in interest that is prohibited under Section 406(a) of ERISA

– Statutory and administrative exemptions are available

What is Prohibited

• Section 406(a) provides that a fiduciary shall not cause a plan to engage in a transaction if he knows or should know that such transaction constitutes an indirect or direct:

– Sale or exchange or leasing of property between the plan and a party in interest;

– Loan or other extension of credit between the plan and a party in interest (includes delinquent participant contributions);

– Furnishing of goods, services or facilities between a plan and a party in interest;

– Transfer to, or use by or for the benefit of, a party in interest, of any assets of the plan, or

– Acquisition, on behalf of the plan of any employer security or employer real property in violation of section 407(a); and

– No fiduciary shall permit the plan to hold any employer security or employer real property if he knows or should know that holding such security violates section 407(a)

• In accordance with plan document and reasonable compensation for services performed

• Reasonable compensation for office space and legal, accounting, and other services necessary for the operation of a plan are permitted if certain conditions are met

Exceptions to Prohibited Transactions

Why are Parties in Interest Important

• Should be able to identify parties in interest of the plan

– Party in interest vs. related party

• Recognize the transactions between the parties in interest and the plan and understand the purpose of the transaction

• Identify whether the transaction is prohibited

• Plan sponsor may need to seek advice from ERISA counsel

• Required reporting & disclosure

• Typical auditing procedures to determine existence

– Evaluate the plan administrator's procedures for identifying and properly accounting and reporting for party in interest transactions.

– Request from client a listing of parties in interest and any transactions with these parties during the period.

– Review filings (for example, Forms 5500 and LM-2) and correspondence by the reporting entity with the DOL and other regulatory agencies for the names of parties in interest.

– Review prior years' working papers for the names of known parties in interest.

– Inquire of the plan administrator whether any prohibited transactions have been identified as a result of past DOL, IRS, or other governmental examinations.

– Review agreements with service providers.

– Provide audit personnel with the names of known parties in interest.

– Review the minutes of applicable governance meetings

Parties in Interest – Audit Steps

• Typical auditing procedures to test identified transactions

– Obtain an understanding of the business purpose of the transaction.

– Examine invoices, executed copies of agreements, contracts, and other pertinent documents.

– Determine whether the transaction has been approved by the board of trustees or other appropriate officials.

– Test for reasonableness the compilation of amounts to be disclosed or considered for disclosure.

– Inspect or confirm and obtain satisfaction concerning the transferability and value of collateral.

Parties in Interest – Audit Steps (cont)

Workpaper Documentation Tips

• Key information to include in audit documentation

– Listing of parties in interest

– Listing of related parties

– An understanding of management’s internal controls related to identification of parties in interest and related parties

– Listing of types of transactions involving parties in interest and related parties

– Support for disclosure in the financial statements of party in interest and/or related party transactions

– Evidence of how these transactions were evaluated to conclude upon whether they constituted a prohibited transaction

Part 3, Employee Benefit Plan Audit Training, Distribution Testing, Audit wrap up and financial reporting

• Benefit payments and other distribution testing

• Concluding the audit

Agenda

Topics Discussed on Parts 1 and 2

• ERISA rules

• Types of plans & key parties

• Planning and risk assessment

• Internal controls

• Plan document, SOC 1, and payroll testing

• Participant data testing

• Contribution testing

• Parties in interest and prohibited transactions

• Benefit Payment Testing

Benefit Payments and Distributions Types

• Benefit Payments and Distributions

– Benefit Payments -

o Five types

Retirement distribution/death

Rollover

Qualified Domestic Relations Order (QDRO)

Hardship

Early payout

– Distributions

o Corrective distribution

o Administrative expenses

– Notes receivable

• Benefit Payments

– Benefit Payments - Retirement Distribution/Death

o Paid after retirement or death

o Can be lump-sum; or structured payout

o Understand where the money is going = tax effect

o Key documents:

Plan document

Retirement papers/support; including age

Death certificate

Application for payment

Spousal consent

Vested participant balance statement

Benefit Payments – Retirement Distributions

• Benefit Payments

– Benefit Payments - Rollover

o Paid after termination of employment to another tax deferred type plan (typically another 401(k) plan)

o Typically lump sum

o Tax free transaction

o Key documents:

Application for transfer

Vested participant balance statement

Benefit Payments - Rollover

Benefit Payments - QDROs

• Benefit Payments

– Benefit Payments - Qualified Domestic Relations Order

o Typically result of a divorce

o Typically lump sum

o Key documents:

Court order

Vested participant balance statement

• Benefit Payments

– Benefit Payments - Hardship

o Penalty free early distribution from 401(k) plan

o Taxable

o Documented financial hardship – specified conditions

o Requires stoppage of contributions to 401(k) plan after the Hardship withdrawal (6 months) (as well as any company match)

o Key documents:

Plan document

Hardship application

Vested participant balance statement

Benefit Payments - Hardship

Benefit Payments – Early Payout

• Benefit Payments

– Benefit Payments - Early Payout

o Typically as a result of termination of employment

o Early payout of vested balance

o Taxable income plus tax penalty

o Key documents:

Plan document

Payout application

Vested participant balance statement

Distributions – Corrective Distributions

• Distributions

– Distributions - Corrective Distributions

o Typically shown as a reduction in contributions

o Typically as a result of highly compensated participant overcontributing to plan

o Typically discovered as part of demographic ERISA testing (Top heavy, ADP/ACP, etc.)

o Required to be paid within 2.5 months of year end

o Key documents:

Plan document

Testing results

Participant contribution for the year

• Benefit Payments and Distributions

– Audit Assertions

o Determine if payments are in accordance with plan provisions and related documents

o Determine if payments are made to correct person/entity

o Determine if payments are recorded in the proper account, amount, and period

Benefit Payments & Distributions – Examples of Risk and What Can Go Wrong (WCGW)

• Not properly authorized or in accordance with the provisions of the plan document

• Not recorded or are recorded in the incorrect amount

• Do not agree to amounts per the recordkeeper

• Calculated incorrectly

• Not in accordance with the participant’s election

• Not recorded in the correct individual participant’s account

• Made to an ineligible participant

• Benefit Payments and Distributions

– Typical Audit Steps

o Perform test work on a sample of each type of benefit payment and distribution transaction

Eligibility

Correct balance

Correct approvals

Re-compute payment

Timeliness of payment (potential liability)

Other possible procedures (confirmation)

Benefit Payments – Workpaper Documentation Tips

• Key information to include on audit documentation

– Participant name

– Social Security Number/employee ID number

– Date of Birth

– Date of Hire

– Distribution date

– Amount of gross and net distributions

– Vesting percentage

• Test/verify the following items and include proper tickmark documentation including:

– Agreed participant personnel information to signed distribution election form, noting spousal consent if applicable

– Examine for Plan Sponsor authorization

Benefit Payments – Workpaper Documentation Tips

• Test/verify the following items and include proper tickmark documentation including (continued):

– If online request and not signed paper form, review online withdrawal form for consents/approvals

– Death payout: examine death certificate

– Hardship: examine backup including request and proof/supporting backup for financial need

– Trace distribution amount to check copy, agreeing amount and date of distribution

– Recalculate distribution amount based on participant summary balance and vesting schedule per plan document

– For payouts not 100% vested, recalculate forfeiture amount

– Trace gross distribution amount to individual participant summary

• Distributions

– Distributions - Administrative Expenses

o Typically covers a participant initiated transaction (i.e., loan fee)

o 401(k) plans typically do not have plan based fees (i.e., trustee, audit, etc) charged to them; rather paid by plan sponsor

o Review for party in interest

o Key documents:

Plan document

Trustee agreement


Distributions – Administrative Expenses

• DOL “Hot” Area

– “Reasonableness” review as part of governance

o Must be documented

– Schedule C disclosures

o Relate to test work

– Shared revenues/netted fees

– Obtain and review all service provider contracts

Administrative expenses

– Compare CY to PY expense

– Compare to net assets

– Compare to number of participants

– Compare to Schedule C in Form 5500

– Conclude as to reasonableness

Loan testing

Sample – new loans using loan detail report

Notes Receivable from Participants

• What is it? An investment or a receivable

• Difference between GAAP and Form 5500 treatment

• Disclosures

Notes Receivable - GAAP

• ASC 962-310-45-2 requires classification of participant loans as a receivable, not as an investment

• Measured at unpaid principal balance plus accrued but unpaid interest

• Not subject to fair value disclosures or credit risk disclosures


Notes Receivable – Audit Assertions

• Audit procedures should provide a reasonable basis for concluding whether the amounts due to the plan have been –

– Properly valued and disclosed

– Properly recorded and exist

– Initiated in accordance with the plan’s provisions

Notes Receivable – Example Risks and WCGW

• Not initiated in accordance with the plan’s provisions

• Loan details entered incorrectly into the recordkeeping system

• Loan repayments not properly calculated or properly withheld from payroll on a timely basis

• Loans are not reconciled between the recordkeeper and trustee on a timely basis

• Loan repayments not recorded in the correct individual participant’s account

• Delinquent loans or loans in default are not identified properly

Notes Receivable – Testing

• Full scope audit procedures may include –

– Examining participant loan documentation

– Confirming loans with participants

– Testing that interest is properly recorded

– Testing whether the loans were made in conformity with the plan document and ERISA

– Testing whether the interest rate is reasonable and the loan term does not exceed 5 years (except for purchase of principal residence)

– Reviewing financial statement classification to determine that participant loans are properly recorded and valued

Concluding on the Audit


Concluding the Audit

• Often a critical phase of the audit, but sometimes underestimated

• More than just administrative tasks involved in wrapping up an audit


Audit Steps to Consider

• Steps typically performed at the conclusion of the audit and before the financial statements are issued.

– Review of Form 5500

– Review for any commitments and contingencies

– Obtain legal letter, if applicable

– Subsequent events review

– Review journal entries, if any

– Review subsequent trust statements


Audit Steps to Consider

• Steps typically performed at the conclusion of the audit and before the financial statements are issued.

– Summarize any audit misstatements

– Perform final analytical review

– Obtain management representation letter

– Communicate with those charged with governance

– Internal control matters


Form 5500

• AU-C Section 720 – Other Information in Documents Containing Audited Financial Statements

• Form 5500 should be read in order to identify any material inconsistencies with the financial statements.

• Discuss with management if material inconsistencies are noted

• If Form 5500 is not available, consider delaying the release of the financial statements.

• If financials are issued before the 5500 is ready, then make sure management knows not to include the audit report with the 5500 until the auditor has reviewed.


Commitments and Contingencies

• Issues with benefit plans are typically related to plan compliance or future plan amendments.

• Contingencies may include collectability of receivables, tax issues, litigation claims or prohibited transactions. Going concern of the plan sponsor should also be considered.


Commitments and Contingencies

• Audit procedures to consider include:

– Discuss possible commitments and contingencies with plan sponsor or plan management

– Review minutes of committee meetings for the year under audit as well as any subsequent to year-end

– Review legal expenses of the plan

– Inquire about any DOL or other regulatory agency audits or investigations


Subsequent Events

• Review committee meeting minutes for possible disclosure items

• Inquire about plan amendments effective after year-end

• Inquire about plan mergers or spin-offs that might affect the plan


Management Representation Letter

• Required to obtain management representation letter, generally from plan administrator or other party performing oversight of the plan

• AU-C Section 580 lists specific representations that should be included in the letter

• Audit Guide includes Illustrative Representation Letter

• Date should be as of the date of the auditor’s report and should cover all periods referred to in the opinion

Communication with Those Charged with Governance

• AU-C Section 260 addresses auditor responsibility for communication with those charged with governance

• These communications are required regardless of the size of the plan

• Communication should be made to the person or group with responsibility for overseeing the strategic direction of the plan and the financial reporting process.

Communication with Those Charged with Governance

• The communication letter should include the following:

– Auditor’s responsibilities with regard to the audit

– Overview of the planned scope and timing

– Significant findings or issues

• Difficulties during the audit

• Disagreements with management

– Uncorrected misstatements


Internal Control Matters

• AU-C Section 265 addresses the auditor’s responsibility to communicate deficiencies in internal control to those charged with governance and management

– Other matters

– Deficiencies

– Significant deficiencies

– Material Weaknesses


Tax Status

• 401(k) plans are granted special tax status for contributions and earnings on investments

• Plans must be designed and operated in accordance with the Internal Revenue Code requirements (section 401(a))


Tax Status

• Plans receive a determination letter (individually designed plan) or an opinion letter (prototype plan)

• Practice Tip: Determination letter or opinion letter should generally be dated


Tax Status

• AU-C Section 250 addresses the auditor’s responsibility for compliance with laws and regulations

• If the auditor is aware of noncompliance, evaluate whether or not it has a material effect on the financial statements

• If material and not adequately disclosed, then consider modifying the opinion

Tax Status

• Auditor’s responsibility for the plan’s compliance testing

– The auditor is not expected to test the underlying calculations for the plan’s required compliance testing

– Inquire of plan management about whether the testing was performed and if the results are reflected in the financial statements


Discussion Question

• What are some of the pitfalls in wrapping up the EBP audit?

– Timing

– Documentation

– Overreliance on management

Employee Benefit Plan Audit Training

Investments, AA update, peer review

Limited scope audit regulation

• ERISA Section 103(a)(3)(c) allows plan management to instruct the auditor not to perform any auditing procedures with respect to investment information prepared and certified by a bank or similar institution or by an insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency who acts as trustee or custodian.


Limited scope audit regulation

• Summary of DOL Regulations 2520.103

– Provides sample certification language to be used by the certifying institution

The XYZ Bank (Insurance Carrier) hereby certifies that the foregoing statement furnished pursuant to 29 CFR 2520.103-5(c) is complete and accurate.

– Indicates that the certification extends to “ordinary business records” of the certifying institution

– The certification must be signed by a person authorized to represent the insurance carrier or bank


Limited scope audit decision tree


Divided into 8 sections:

• Qualifications of certifying institution

• Certification signed by authorized representative

• Plan covered by the certification

• Completeness and accuracy of investment information

• Information not certified by qualified institution

• Qualifying language

• Certified information that is incomplete, inaccurate or otherwise unsatisfactory

• Conclusion

Parties qualified to certify

• Bank

• Trust Company (or similar institution)

• Insurance Carrier

• Agent can certify on behalf of qualified institution

– Modify report language – ABC as agent for XYZ Trust Company

• Broker/Dealers and Investment Companies cannot certify

Limited scope audit certifications

• Not every certification is acceptable

• Unqualified institutions try to certify

• Qualified institutions provide certifications based on books and records that may not be fair value

• Watch for agency relationships

• Certification of transferred assets and/or change in trustee/custodians

Common Deficiencies in EBP Limited Scope Audit Certifications

This tool was developed to help

• Plan administrators understand their responsibilities for determining the acceptability of a limited scope certification;

• Auditors understand their responsibilities for determining whether a certification can be relied upon to limit the scope of the audit; and

• Both plan administrators and auditors identify common deficiencies in limited scope certifications.

• It also includes an illustration of a proper certification.


Limited scope audits

• Auditors’ Responsibility

– Obtain and read a copy of the certification

– Determine whether the entity issuing the certification is a qualifying institution under DOL regulations

– Compare the investment information certified to the financial information contained in the plan’s financial statements and related disclosures

– Perform the necessary procedures to become satisfied that any received or disbursed amounts reported by the custodian were determined in accordance with the plan provisions

– Determine whether the form and content of the financial statement disclosures related to the investment information prepared and certified by the plan’s custodian are in conformity with GAAP and are in compliance with the DOL’s regulations

Limited scope audits

• Limited scope exemption only applies to investment information and does not extend to participant data, contributions, benefit payments, required financial statement disclosures, or other information, regardless of whether it is included in the certified information.

• Plan investments not held by a qualifying institution, such as real estate, should be subjected to full-scope audit procedures.

• Investment income allocation and investment elections should be subjected to full-scope audit procedures, as well


Limited scope audits

• Questions to consider when reviewing a certification

– Is the ENTIRE period under audit certified?

– Are all investments covered by the certification?

– Was there a change in trustee/custodian during the year?

Investments – limited scope audits

Potential audit steps

• Determine that certification is appropriate

• Agree certified information to the financial statements and disclosures

• Determine that the investment disclosures are in compliance with GAAP and DOL requirements

− Auditor is still responsible for valuation disclosures (hierarchy levels)

− Need to have sufficient understanding of investments to evaluate

• Certification exemption does not mean that auditors can put “blinders” on

• Test allocations to participants

Investments – limited scope audits

Potential audit steps

• Income allocation - compare the plan’s investment return to participants’ returns for the same investment

− Analytical procedures

− Test a short period – a month or a quarter if possible

− Obtain coverage throughout the year

− Consider reliance that may be placed on a SOC 1

Still need to perform some tests

Full scope audits

• The plan auditor should be engaged to perform full scope audit procedures where

• The plan administrator does not request a limited scope audit to be performed in accordance with ERISA Section 103(a)(3)(c)

• The plan’s assets are not held by a qualified institution

• The investment information is not prepared and certified to by a qualified institution

• The certification is not reliable

• Form 11-K


Investments – full vs limited scope

| Audit Procedures | Limited Scope | Full Scope |
| --- | --- | --- |
| Confirm assets directly with custodian | | X |
| Agree the certified investment information to the Plan’s financial statement | X | |
| Year-end market value testing | | X |
| Investment transaction testing | | X |
| Test investment income allocation to participants | X | X |
| Determine that the Plan’s financial statement and disclosures are in compliance with GAAP | X | X |
| Other audit procedures, such as testing of contributions, distributions, etc. | X | X |

ACCOUNTING AND REPORTING UPDATE


ACCOUNTING AND REPORTING

• No new accounting standards effective for 2018 plan year ends

• Early adoption is permitted for:

o ASU 2017-06 Employee Benefit Plan Master Trust Reporting

o ASU 2018-09 Codification Improvements

o ASU 2018-13 Changes to the Disclosure Requirements for Fair Value Measurements

• Common financial reporting missteps

• On the horizon

ASU 2017-06: EBP MASTER TRUST REPORTING

• Effective for fiscal years beginning after December 15, 2018.

o Early adoption permitted.

o Retrospective application.

• A plan’s interest in each master trust and any change in that interest is presented in separate line items in the statement of net assets available for benefits and in the statement of changes in net assets available for benefits, respectively.

• Removes the requirement to disclose the percentage interest in the master trust for plans with divided interests and requires that all plans disclose the dollar amount of their interest in each of those general types of investments, which supplements the existing requirement to disclose the master trust’s balances in each general type of investments.

• Requires all plans to disclose (1) their master trust’s other asset and liability balances and (2) the dollar amount of the plan’s interest in each of those balances.

Issued February 2017


ILLUSTRATION FOR DIVIDED INTEREST IN MASTER TRUST

ILLUSTRATION FOR UNDIVIDED INTEREST IN MASTER TRUST


ASU 2018-13 CHANGES TO THE DISCLOSURE REQUIREMENTS FOR FAIR VALUE MEASUREMENT

• It modifies the disclosure requirements in ASC Topic 820, Fair Value Measurement.

o Eliminates, amends and adds disclosure requirements.

• The proposal applies to all entities that are required under existing US GAAP to disclose recurring or nonrecurring fair value measurements.

• The ASU is effective for all entities for all reporting periods (annual and interim) beginning after December 15, 2019.

o Early adoption is allowed.

o An entity may elect to early adopt only the eliminated or modified disclosure requirements.

Issued August 2018

ASU 2018-13 – ELIMINATED DISCLOSURES

• The amount of and reasons for transfers between Level 1 and Level 2.

• The policy of timing of transfers between the various Levels.

• The valuation policies and procedures for Level 3 measurements.

• For nonpublic entities, the changes in unrealized gains and losses for the period included in earnings for recurring Level 3 fair value measurements


ASU 2018-13 – AMENDED DISCLOSURES

• Level 3 roll-forward – nonpublic companies should disclose purchases/sales and transfers into and out of Level 3 instead of roll-forward.

• For investments in certain companies that calculate net asset value, the timing of liquidation of investee’s assets, and the date when restrictions from redemption might lapse need to be disclosed only if known.

• Measurement uncertainty – communicates information about the uncertainty in measurement as of the reporting date.

• The term ‘at a minimum’ is removed from the disclosure requirements to make it clear that materiality and discretion are appropriate considerations.

ASU 2018-13 – NEW DISCLOSURES

• Changes in unrealized gains and losses included in other comprehensive income for recurring Level 3 fair value measurements.

• Disclose additional supporting information used to derive significant unobservable inputs for fair value measurements under Level 3 (range and weighted average, median and arithmetic average, as appropriate).

Not applicable to nonpublic entities


10 COMMON FINANCIAL REPORTING MISSTEPS

1. Registered investment company investments recorded at NAV as a practical expedient, when should be recorded as readily determinable fair value

2. Fully benefit responsive investment contracts (measured at fair value and/or included on fair value leveling table in error)

3. Improperly using or not using liquidation basis for plan terminations

4. Overreliance on information reported by service providers for plan mergers versus ensuring accrual accounting/legal merger date accounting

5. Recognizing deemed/defaulted loans

10 COMMON FINANCIAL REPORTING MISSTEPS (CONTINUED)

6. Limited scope auditor’s report issues (wrong name of certifying entity or wrong footnote reference)

7. Using incorrect mortality tables or rates in calculating actuarial valuations

8. Not adopting accounting standards in proper year

9. Lack of disclosure of related parties and parties in interest in footnotes and supplemental schedule

10. Not properly recording subsidies or rebates in H&W plans on accrual basis


AUDITING UPDATE

AUDITING UPDATE

• 2019 EBP Audit and Accounting Guide revisions

o Effective ASUs

o No new ASB auditing standards effective for 2018 plan year audits

o No new PCAOB auditing standards effective for 2018 plan year Form 11-k audits

• EBP Audit Risk Alert

• On the horizon

o New EBP Audit Standard (the ASB-approved EBP SAS is available on the AICPA's website)


FORMING AN OPINION AND REPORTING ON FINANCIAL STATEMENTS OF EMPLOYEE BENEFIT PLANS SUBJECT TO ERISA (EBP SAS)

• AICPA Auditing Standards Board (ASB) voted the EBP SAS final in July 2018

o Prescribes certain new performance requirements for an audit of financial statements of employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA)

o Changes the form and content of the related auditor's report.

• Pending conforming changes for proposed auditor reporting standards and related amendments (first half of 2019)

• EBP SAS expected to be issued first half of 2019

• When issued to be effective no earlier than periods ending on or after December 15, 2020.

o Early adoption is not permitted

ABOUT THE NEW EBP SAS

• Not all-inclusive; all the AU-C sections apply, except for the following, which are specifically covered in the EBP SAS:

o AU-C section 700, Forming an Opinion and Reporting on Financial Statements

o Paragraph .09 of AU-C section 725, Supplementary Information in Relation to the Financial Statements as a Whole

• Contains incremental requirements to the following:

o AU-C section 210, Terms of Engagement

o AU-C section 250, Consideration of Laws and Regulations in an Audit of Financial Statements

o AU-C section 260, The Auditor's Communication With Those Charged With Governance

o AU-C section 580, Written Representations


OBJECTIVES OF NEW EBP SAS

• Accept engagement when preconditions are present…

• Appropriately plan and perform audit…

• Form an opinion based on audit evidence obtained…

• Express clearly an opinion in a written report…

• Perform procedures and report on supplementary information in accordance with SAS…

• Appropriately communicate to management and those charged with governance reportable findings identified during the audit…

KEY PROVISIONS FOR ERISA SECTION 103(A)(3)(C) AUDIT

• No longer referred to as a “limited scope” audit

• Will be referred to as an “ERISA section 103(a)(3)(C) audit”

• Not considered a scope limitation, therefore the auditor would no longer issue a modified opinion (typically a disclaimer of opinion) due to information that is certified by a qualified institution.

• Instead, the report provides a two-pronged opinion that is based on the audit and on the procedures performed relating to the certified investment information.


KEY PROVISIONS FOR ERISA SECTION 103(A)(3)(C) AUDIT -- REPORTING

• New and unique form of report stating

• In the auditor’s opinion, based on the audit and the procedures performed as described in the auditor’s responsibility section:

• The amounts and disclosures in the financial statements, other than those agreed to or derived from certified investment information, are presented fairly, in all material respects, in accordance with the applicable financial reporting framework.

• The information in the financial statements related to assets held by and certified to by a qualified institution agrees to, or is derived from, in all material respects, the information prepared and certified by an institution that management determined meets the requirements of ERISA Section 103(a)(3)(C).

KEY PROVISIONS FOR ERISA SECTION 103(A)(3)(C) AUDIT — SUPPLEMENTAL SCHEDULES

• When reporting on ERISA required supplemental schedules

o Include a statement in an other matter paragraph whether, in the auditor’s opinion

The form and content of the supplemental schedules, other than the information in the supplemental schedules that agrees to or is derived from the certified investment information, is presented, in all material respects, in conformity with the DOL’s Rules and Regulations for Reporting and Disclosure under ERISA

The information in the supplemental schedules related to assets held by and certified to by a qualified institution agrees to or is derived from, in all material respects, the information prepared and certified by an institution that management determined meets the requirements of ERISA Section 103(a)(3)(C).

KEY PROVISIONS FOR ERISA SECTION 103(A)(3)(C) AUDIT – CERTIFIED INFORMATION

• Required procedures with respect to certified investment information

o Evaluate management’s assessment of whether the entity issuing the certification is a qualified institution

o Identify which investment information is certified

o Obtain from management and read the certification

o Compare the certified investment information with the related information presented and disclosed in the financial statements and supplemental schedules

o Read the disclosures relating to the certified investment information to assess whether they are in accordance with the presentation and disclosure requirements of GAAP

OTHER KEY PROVISIONS

• Engagement Acceptance

• Risk Assessment and response

• Performance Procedures

• Evaluation and Documentation

• Communications with Management and Those Charged with Governance

• Management Representations

• Reporting

• Review of Draft Form 5500

o Prior to dating auditor’s report

EFFECT ON AUDIT WORK

How much more work will auditors need to perform?

AICPA PEER REVIEW AND THE EFFECT OF THE “BOLDED”

Agenda

• Key areas for Peer Review – Bold Questions on the Checklist

• Common Peer Review Comments

Plan Auditors

Identify the key areas that have the highest risk for Peer Review failures

Understand the audit procedures to perform to assist with a successful audit

Common Peer Review Comments

Identify key areas of compliance issues and value-add items during your audit

LEARNING OBJECTIVES

Key Peer Review Items

Risk Assessment

IT Risk Assessment

• DOL Study from 2014

• Enhanced Oversight Project

Non-conforming Engagements

Revised Checklists – Bold Questions

Bold Question: Predecessor Auditor

1) A103: If the auditor succeeded another auditor, did the auditor request management to authorize the predecessor to respond fully to the successor auditor’s inquiries regarding matters that might assist the auditor in determining whether to accept the initial audit engagement, including a re-audit?

2) A104: Did the auditor evaluate the predecessor auditor’s response, and if necessary, consider the implications if the predecessor auditor provided no response, or limited responses in determining whether to accept the engagement?

WHAT NOT TO DO

Documentation found in binder during inspection:

“We took over an engagement from another auditor in town – we know they do bad work, so we didn’t even contact them. We just obtained the prior year audit package from the client. No additional work is deemed necessary.”

WHAT TO DO:

• Have client arrange access to predecessor auditor

o Contact the predecessor auditor

o Review the prior year workpapers and document conclusions regarding adequacy of work

o If not allowed to access – what are some of the things you can do?

• Ask first – are you going to have access?

o If not – ask additional questions to gain an understanding of what was done and how you could potentially place some reliance on work

o Reputation of firm

o Prior work performed – what areas did the prior auditor test, results

Bold Questions on Checklist

3) A117: Did the working papers provide documentation of risk assessment procedures performed to provide a basis for the identification and assessment of risks of material misstatement at the financial statement level through its understanding of the entity, including its internal control?

WHAT NOT TO DO

• Nothing

• Not documenting consideration of the risks (at the financial statement and assertion level)

• Not obtaining an understanding of the plan, entity, and internal controls

• Not documenting the audit response to identified risks

WHAT TO DO (Example of documentation)

This is just an excerpt of part of a form….

WHAT TO DO (Example of documentation)

This is just an excerpt of part of a form….

Bold Questions on Checklist

4) A118: Did the working papers provide documentation of the auditor’s understanding of relevant controls, evaluation of the design of relevant controls and whether they have been implemented by performing procedures in addition to inquiry of plan personnel, including relevant payroll and service organization controls?

5) A119: Did the working papers provide documentation of risks identified and audit procedures planned in response to identified risks (at the financial statement and assertion level as well as fraud risks)?

WHAT NOT TO DO

A118:

• Not obtaining SOC 1 reports and documenting understanding of controls at service providers

• Obtaining SOC 1, placing it in file, but not documenting evaluation of the SOC 1 report

A119:

• Nothing

• Not properly documenting risks and responses

WHAT TO DO:

A118:

• Use reviewed SOC 1 reports

A119:

This is just an excerpt of part of a form….

Bold Questions on Checklist

6) A120: When a management’s specialist was used (actuary, appraiser, health claims specialist), did the working papers include evidence that the auditor performed required audit procedures, including:

a) Evaluating the competence, capabilities and objectivity of the specialist

b) Obtaining an understanding of the specialist’s work

c) Evaluating the appropriateness of the specialist’s work?

Bold Questions on Checklist

7) A124: Did the auditor properly identify risks and controls associated with the role of Information Technology (IT) - at both the plan sponsor and service organizations - and automated IT controls that are relevant to the audit?

8) A125: Did the auditor properly identify and document the linkage between further audit procedures and the IT risk assessment? (Emphasis added that this documentation needs to be in the plan’s audit file when the firm also audits the plan sponsor)

WHAT YOU SHOULD DO

Bold Questions on Checklist

9) A126: When the auditor used a type 2 Service Organization Controls (SOC) 1 report as audit evidence to support his or her understanding about the design, implementation and effectiveness of controls at the service organization, were procedures performed and documented to evaluate the sufficiency and appropriateness of the SOC 1 report and any reduction in substantive procedures?

This includes the user control considerations and any sub-service organizations.

WHAT TO DO:

• Read and understand the SOC 1 report

• Evaluate any exceptions or qualifications

• Ensure the user controls are in place

o Typically walkthroughs are used

• Reduce substantive testing based on SOC 1 report

o If used to reduce testing, auditor must test user controls (walkthroughs are not considered sufficient to reduce testing)

Bold Questions on Checklist

10) A209: Did the auditor perform and document adequate substantive audit procedures to test the following assertions relevant to investments and investment income (in full scope audits)?

a) Transactions are initiated in accordance with established policies and comply with plan provisions

b) All investments are recorded and exist and are free of liens, unless disclosed

c) All investments are properly valued at year end

d) Principal and income transactions are properly recorded and valued

e) Information about investments is properly presented and disclosed

Bold Questions on Checklist

11) A212: For DC plans, did the auditor perform and document sufficient procedures to test the following relevant assertions for employee (EE) and employer (ER) contributions received and receivable?

a) Are contributions recorded in the proper period

b) Participant contributions are authorized and according to plan provisions

c) All active participants have been included in the reports and records

d) Accurate participant data, including payroll information, is being utilized in determining amounts contributed to the plan

Bold Questions on Checklist

12) A215: For plans that include EE contributions, did the auditor perform and document sufficient procedures performed to identify, as prohibited transactions, employee salary deferrals that were not deposited in accordance with DOL regulations and consider appropriate disclosure and inclusion in a supplemental schedule of delinquent participant contributions?

WHAT TO DO:

• Obtain an understanding of why

o Gray area

• Supplemental Schedule of Delinquent Participant Contributions (Sch H, Line 4a)

• Disclosure?

• 5500 box needs to be checked

• Mgmt ltr and post 114 ltr

Example of Supplemental Schedule of Delinquent Participant Contributions

Bold Questions on Checklist

13) A221: Did the auditor perform and document sufficient procedures to test the following relevant assertions for benefit payments, withdrawals and claims payments?

a) Payments are in accordance with plan provisions

b) Payments are made to or on behalf of persons entitled to them and only to such persons

c) Transactions are recorded in the proper account, amount and period

d) Payments are presented and disclosed properly

Bold Questions on Checklist

14) A225: For defined benefit (DB) and health & welfare (HW) plans, did the auditor perform and document adequate substantive audit procedures to test the following assertions relevant to participant census data used by the actuary to compute accumulated plan benefits and other material benefit obligation (including post-retirement obligations)?

Bold Questions on Checklist

15) A235: For employee stock ownership plans (ESOP), did the auditor perform and document sufficient procedures to test the following relevant assertions for participant accounts and allocations in a leveraged ESOP?

a) Allocation of net assets to individual participant accounts are in accordance with the plan document and ESOP loan agreement

b) Statements are properly presented as allocated or unallocated

c) Accounts are properly valued

d) Participant transactions have been authorized and executed in the proper amount, proper period, and according to the plan document

Bold Questions on Checklist

16) A236: For ESOP, did the auditor perform and document sufficient procedures to test the following relevant assertions for investments in privately held employer stock, subject to full scope audit procedures?

a) Investments are valued as of the plan’s year-end in accordance with the applicable financial reporting framework (FRF)

b) Dividends are recorded in accordance with the applicable FRF

c) For leveraged ESOPs: Shares pledged as collateral and investment transactions are properly recorded as allocated or unallocated.

Bold Questions on Checklist

17) A237: For ESOP, did the auditor perform and document sufficient procedures to test the following relevant assertions for contributions?

a) They are classified as either allocated or unallocated

b) They are properly authorized and within plan and IRS limits

c) All active participants have been included in the reports and records

Bold Questions on Checklist

18) A238: For ESOP, did the auditor perform and document sufficient procedures to test the following relevant assertions for notes payable and interest expense?

a) They exist and are valid obligations of the plan

b) They are in accordance with the plan document and debt agreements

c) Transactions are properly recorded

d) Shares are properly released to participants as debt is paid

e) They are properly presented and disclosed

Bold Questions on Checklist

19) A239: For ESOP, did the auditor perform and document sufficient procedures to test the following relevant assertions for distributions?

a) Terms of the put option, if applicable, are applied and properly presented and disclosed

Bold Questions on Checklist

20) A244: For an initial audit of a plan’s F/S, did the working papers provide documentation supporting the performance of audit procedures on the beginning balance of net assets available for benefits and the participant accounts comprising the beginning balance?

Bold Questions on Checklist

21) EB404: If the audit was a limited-scope audit permitted by DOL rules and regulations with respect to investment information, was a disclaimer issued and the basis for the disclaimer appropriately worded including the name of the qualifying entity, the periods covered, and a reference to the note summarizing the information certified? Additionally, was the note disclosure complete and accurate?

22) EB405: Does the report identify and include an appropriate opinion or disclaimer on applicable supplemental schedules required by ERISA and DOL regulations?

Bold Questions on Checklist

23) EB406: Has the report been appropriately modified for a GAAP departure, GAAS departure, or non-disclosure of prohibited transactions, if the effect of the transaction is material to the F/S?

24) EB407: Is the report appropriately modified for the F/S presented on a basis other than GAAP that is acceptable under ERISA or DOL regulations?

Bold Questions on Checklist

25) EB408: If the entity has made the decision to terminate a plan, has the auditor considered the implications of that decision for the auditor’s report?

EOM – Terminating Plan Example

Common Peer Review Comments

• IT risk assessment not documented

• Representation letter not tailored

• No footnote for PII or related party footnote did not address PIIT

• Risk assessment documentation missing

• Risk assessment did not include proper audit response

• No SAS 114 Communication to TCWG

• Non-attest services not addressed in the engagement letter

• Audit report date was last day of fieldwork not date when available to be issued

• No evidence of supervision or review

• Missing engagement letter and representation letter

• No SOC 1 report for investment custodian in a full scope audit

Roundtable
