Benefit Plan Audit Readiness: What Plan Sponsors Must Prepare
If your retirement plan has 100 or more participants with account balances, federal law requires an annual audit by an independent CPA. Missing deadlines or submitting incomplete documentation leads to delays, higher costs, and potential Department of Labor (DOL) penalties. Here are the key details plan sponsors should know:
- Audit threshold: 100+ participants with account balances at the start of the plan year. The 80–120 rule lets plans with 80 to 120 participants file using the same status as the prior year, which may defer the requirement. Please call us to discuss.
- Filing deadline: Form 5500 is due July 31 for calendar-year plans. Filing Form 5558 extends this to October 15.
- Late-filing penalties: The IRS can assess up to $250 per day, capped at $150,000 per plan per year. The DOL can assess up to $2,739 per day (2025 adjusted rate) with no maximum. Both agencies can penalize the same missed filing.
- Your first decision: Choose between a full-scope audit and a limited-scope audit — the difference affects cost, timeline, and what the auditor’s opinion covers.
Benefit Plan Audit Readiness: Full-Scope vs. Limited-Scope
Before gathering documents or engaging an auditor, plan sponsors should understand which type of audit applies under the Employee Retirement Income Security Act (ERISA). This choice affects how much the auditor tests, what the opinion covers, and what it costs.
| Full-Scope Audit | Limited-Scope Audit (ERISA 103(a)(3)(C)) | |
|---|---|---|
| What the auditor tests | All plan accounts, including investments | All plan accounts except certified investment information |
| Auditor’s opinion covers | Full financial statements | Everything except the certified investment data |
| Requirement to use | Required when no qualifying certification is available | Requires a certification letter from a regulated financial institution (bank, trust company, or insurance carrier) |
| Typical cost | Higher — more testing, more time | Lower — reduced investment testing |
| Best fit | Plans where fiduciaries want the broadest verification, or where a qualifying custodian certification is not available | Plans with regulated custodians that can issue the required certification — this is the more common choice |
To elect a limited-scope audit, obtain a certification letter from the plan’s custodian confirming that investment information is complete and accurate. The certification must come from a regulated financial institution — broker-dealer certifications do not qualify.
Documents Your Auditor Will Need
Organize these before the audit begins. Most can be obtained from your third-party administrator (TPA) or recordkeeper. Missing documents are one of the most common causes of audit delays.
| Category | Documents | Why It Matters |
|---|---|---|
| Plan Governance | Executed plan document and adoption agreement; all signed/dated amendments; current IRS determination or opinion letter; Summary Plan Description (SPD) and Summaries of Material Modifications; trust agreement; board or committee minutes related to the plan; ERISA fidelity bond (must equal at least 10% of plan assets, up to $500,000) | Establishes the legal foundation of the plan. Unsigned amendments and missing fidelity bonds are among the most common documentation gaps auditors flag. |
| Service Providers | Executed service agreements with TPA, recordkeeper, custodian, and investment advisors; fee schedules and 408(b)(2) fee disclosures (the documents showing what each service provider charges and how they are compensated); SOC 1 Type 2 reports from recordkeeper, payroll provider, and custodian; investment policy statement | The auditor must verify that service provider controls are adequate. Simply receiving SOC 1 reports is not enough — you must document your review and note any deficiencies (see Common Audit Findings below). |
| Financial Records | Year-end trust statements from custodian; custodian certification letter (if electing limited-scope audit); reconciliation of trust assets to recordkeeper; draft Form 5500 | The reconciliation between custodian and recordkeeper is a core audit procedure. Discrepancies here will extend fieldwork. |
| Payroll & Participant Data | Payroll detail reports for the full plan year (by employee, by pay date); employee census data (name, date of birth, hire date, termination date, hours worked, compensation); deferral election forms for tested participants; evidence of timely contribution remittances | Auditors use this to verify eligibility, deferral accuracy, and contribution timing. Late remittance is a prohibited transaction — having a log of payroll dates vs. deposit dates ready prevents surprises. |
| Compliance Testing | Annual nondiscrimination testing results (ADP, ACP, top-heavy, coverage, and annual contribution and benefit limits under Section 415); employee census file used for testing; corrective distributions documentation | Testing confirms the plan does not disproportionately favor highly compensated employees. Corrections made during the year should be fully documented. |
| Transaction Support | Schedules of contributions, rollovers, loans, hardship withdrawals, and distributions by participant; loan policy and documentation; forfeiture reconciliation and usage documentation | The auditor samples individual transactions to verify they were processed correctly and per plan terms. Loan administration errors are a frequent finding. |
Common Audit Findings
The DOL’s most recent Audit Quality Study found that 30% of benefit plan audits had at least one major deficiency. Here are the findings that come up most often — and how to address them before fieldwork begins.
Late Contribution Remittances
Participant deferrals must be remitted to the plan as soon as administratively feasible — generally within a few business days of payroll. Small plans have a seven-business-day safe harbor; large plans do not. Late remittances are a prohibited transaction. They require correction, disclosure on Form 5500, and potentially lost earnings calculations. If contributions were late during the year, document the dates and any corrective action taken through the Voluntary Fiduciary Correction Program (VFCP) or self-correction before the auditor asks.
Errors in Plan Operations
Operational errors happen when the plan runs differently than the plan document says it should. Common examples include:
- Using the wrong compensation definition for deferrals or matching
- Enrolling employees too early or too late based on eligibility provisions
- Missing deferral opportunities — failing to enroll eligible employees
- Auto-enrollment failures
- Incorrect vesting calculations
- Loan administration errors (missed payments, incorrect terms)
The best preparation is straightforward: compare your plan document to how the plan actually operates. If there is a gap, document it and document the correction. The IRS Employee Plans Compliance Resolution System (EPCRS) provides formal correction methods for most operational errors.
Insufficient SOC 1 Report Review
Plan sponsors are required to review SOC 1 Type 2 reports from service providers and confirm that “complementary user entity controls” — the controls the service provider expects you to maintain — are in place. Receiving the report is not the same as reviewing it. Obtain SOC 1 reports from your recordkeeper, TPA, payroll provider, and custodian. Document your review in committee minutes. Note any reported deficiencies and what you did to address them.
Missing or Incomplete Documentation
The most common gaps are unsigned plan amendments, a missing or expired fidelity bond, incomplete participant records, and missing fee disclosures. Verify that all plan documents are signed and dated, and confirm your ERISA bond is current and covers the required amount.
Timeline for Calendar-Year Plans
For calendar-year retirement plans, the audit and Form 5500 filing follows a predictable schedule. Starting early — especially in Q1 — prevents last-minute documentation gaps and reduces the risk of delays.
- January–February: Engage your auditor and provide access to key plan documents and third-party service provider portals (recordkeeper, custodian, payroll).
- March–April: Complete nondiscrimination testing and finalize year-end data so the audit can proceed with clean, reconciled numbers.
- April–June: Auditor fieldwork. The most important factor during this window is responsiveness — timely answers and complete support documents keep the audit on track.
- July 31: Form 5500 due. If more time is needed, file Form 5558 to request an extension.
- October 15: Extended Form 5500 deadline (if Form 5558 was filed).
- September 30: Summary Annual Report (SAR) due to participants. If the Form 5500 deadline was extended, the SAR deadline typically moves to December 15.
Auditors consistently report that the biggest delays come from missing documentation or slow turnaround on requests. Engaging your auditor in Q1 gives enough time to resolve issues well before the filing deadline.
Selecting a Qualified Auditor
Audit quality correlates strongly with experience. According to the DOL’s Audit Quality Study:
- Firms performing 100+ benefit plan audits annually had a 17% major deficiency rate
- Firms performing 6–24 audits had a 38% deficiency rate
- Firms performing 1–2 audits had a 70% deficiency rate
When evaluating a potential auditor, ask:
- How many benefit plan audits does your firm perform annually?
- Is your firm a member of the AICPA Employee Benefit Plan Audit Quality Center (EBPAQC)?
- Who will lead the engagement, and what is their experience with plans similar to ours?
- What is your timeline and communication process?
- What do you need from us to complete the audit efficiently?
Contact WhippleWood CPAs
If you are preparing for your first benefit plan audit or want to improve your audit readiness, WhippleWood CPAs can help. Our team works with Colorado businesses to navigate ERISA compliance, prepare required documentation, and coordinate with auditors efficiently. Contact us to discuss your specific situation.
About the Author
Ron Bass CPA
Ron has led WhippleWood’s auditing practice since 2010. His career began in 1990 and includes time spent as a private company controller and ten years as an auditor for the largest CPA firm in Florida. He has audited publicly traded corporations, consolidated international corporations, state and local regulatory agencies, employee benefit plans, internal processes and controls, and nonprofit entities.
