Skip to content

Insights

Form 5500 and 401(k) Audit Readiness: Your Guide to the July 31 Deadline

If your company sponsors a 401(k) plan, the annual Form 5500 filing deadline is approaching. For calendar-year plans, that deadline is July 31, 2026, covering the 2025 plan year. If your plan has 100 or more active participants, an independent audit must be attached to that filing.

This guide covers who needs an audit, what auditors look for, the most common deficiencies, and how to prepare your documentation before the deadline arrives.

The July 31 Deadline: What You Are Filing and Why

Form 5500 is the annual report that employee benefit plans file with the U.S. Department of Labor (DOL), the IRS, and the Pension Benefit Guaranty Corporation (PBGC). It provides a financial and compliance snapshot of the plan: assets, contributions, distributions, service provider fees, and plan operations.

All Form 5500 filings must be submitted electronically through the DOL’s EFAST2 system. The deadline is the last day of the seventh month after the plan year ends. For calendar-year plans, that is July 31.

If you need more time, you can request a one-time 2.5-month extension by filing IRS Form 5558 by July 31, which pushes the deadline to October 15, 2026. The extension is granted automatically once the form is filed on time. An automatic extension also applies if your plan year matches your business tax year and you have already received a federal income tax filing extension that runs past July 31.

Penalties for Late or Missed Filings

Penalties stack quickly:

  • IRS penalty: Under the SECURE Act, failure to file Form 5500 carries a $250 per day penalty, up to a maximum of $150,000 per return.
  • DOL civil penalty: Under ERISA §502(c)(2), inflation-adjusted annually, the maximum is $2,739 per day with no statutory cap (set effective January 2025 at 90 Fed. Reg. 1854; OMB Memorandum M-26-11 issued April 17, 2026 cancelled 2026 inflation adjustments government-wide, so the $2,739 figure carries forward into 2026).

If you have past-due filings, the DOL’s Delinquent Filer Voluntary Compliance Program (DFVCP) offers reduced penalties for plan administrators who voluntarily file late returns before receiving a DOL notice.

When Is a 401(k) Audit Required?

A 401(k) plan must include an independent auditor’s report with its Form 5500 filing when the plan is classified as a “large plan.” The threshold is 100 or more active participants at the beginning of the plan year.

Two important clarifications on the participant count:

Only participants with balances count. Starting with the 2023 plan year, the DOL counts only participants who have an account balance in the plan. Employees who are eligible but never enrolled, and terminated employees with no remaining balance, are excluded. This change, introduced under the SECURE Act, eliminated a significant number of small businesses from audit territory.

Terminated employees with balances still count. Former employees who left money in the plan are included in the participant count. If your plan has a growing number of terminated participants with small balances, those individuals push you closer to the 100-participant threshold. Reviewing your plan’s cash-out and force-out provisions, and processing mandatory distributions for small balances, can help manage the count.

The 80-120 Rule

The 80-120 rule provides a buffer for plans near the threshold. If your plan has between 80 and 120 participants with account balances at the beginning of the plan year, you can file in the same category (small or large) as you did the prior year.

For example, if your plan had 95 participants last year and filed as a small plan, and this year the count is 112, the 80-120 rule allows you to continue filing as a small plan without triggering the audit requirement. However, once the count exceeds 120, the plan must file as a large plan and include an audit regardless of prior-year status.

The 80-120 rule is not a permanent exemption. It gives growing companies time to prepare, but most plans that hover near the threshold will eventually need to engage an auditor.

What Auditors Look For

A 401(k) audit examines whether the plan is operated in compliance with its governing documents, ERISA regulations, and IRS qualification requirements. The audit must be performed by an independent accounting firm following Generally Accepted Auditing Standards (GAAS). Most 401(k) audits are conducted as ERISA Section 103(a)(3)(C) audits (formerly called “limited scope” audits), where the auditor relies on a certification from the plan’s custodian or trustee for investment information.

The core areas an auditor will examine include:

  • Contributions and payroll. Are employee deferrals and employer contributions deposited on time? The DOL requires that participant contributions be remitted to the plan as soon as they can reasonably be segregated from the employer’s general assets, which generally means within a few business days of payroll. Late deposits are treated as prohibited transactions and must be reported.
  • Participant data. Are eligibility determinations, vesting calculations, and compensation definitions consistent with the plan document? DOL audit quality studies consistently flag participant data as the top deficiency area.
  • Distributions. Are distributions processed correctly, with proper tax withholding and spousal consent where required? Are hardship withdrawals and loans administered according to plan terms?
  • Plan document compliance. Is the plan being operated according to its written terms? Discrepancies between what the plan document says and what actually happens in practice are a frequent finding.
  • Internal controls. Does the plan sponsor have adequate procedures for authorizing transactions, reconciling accounts, and segregating duties?

The Most Common Deficiencies

The DOL periodically reviews the quality of employee benefit plan audits. In its most recent Audit Quality Study, the DOL found that 30% of sampled audits had at least one deficiency, though this was an improvement from 39% in the prior study. The three most common deficiency areas were participant data, contributions and distributions, and internal controls.

Common operational errors that surface during audits include:

  • Auto-enrollment failures (eligible employees not enrolled on time)
  • Missed deferral opportunities (employees contributing at incorrect rates)
  • Incorrect compensation definitions (bonuses, overtime, or commissions included or excluded inconsistently)
  • Late remittance of participant contributions to the trust
  • Failure to follow the plan’s hardship withdrawal or loan provisions

If your plan has operational errors, the IRS Employee Plans Compliance Resolution System (EPCRS) and the DOL’s Voluntary Fiduciary Correction Program (VFCP) offer correction mechanisms. The VFCP now includes a self-correction component for certain minor violations, such as small late-contribution amounts, which can reduce the administrative burden of formal correction.

How to Prepare: A Documentation Checklist

Most of the friction in a 401(k) audit comes from missing or disorganized records, not from substantive plan failures. Getting your documentation together before the auditor arrives saves time, reduces fees, and avoids last-minute surprises.

Gather the following for the 2025 plan year:

  • Plan documents. The current signed plan document, all amendments, and the most recent summary plan description (SPD). If your plan adopted SECURE 2.0 amendments, confirm they are in writing. The IRS deadline for adopting all required SECURE 2.0 plan amendments is December 31, 2026.
  • Trust and custodial statements. Year-end statements from the plan’s custodian or trustee, including certified investment information for a limited-scope audit.
  • Payroll records. All payroll registers for the plan year, including off-cycle payrolls, and records showing when contributions were withheld versus when they were deposited to the trust.
  • Participant census data. A complete list of participants at the beginning and end of the plan year, including hire dates, termination dates, dates of birth, hours worked, and compensation.
  • Contribution and distribution records. Records of all employee deferrals, employer contributions (match and profit-sharing), rollovers, distributions, hardship withdrawals, and loans.
  • Compliance testing results. ADP/ACP nondiscrimination test results, top-heavy testing, and 415 limitation testing from your third-party administrator (TPA).
  • Fee disclosure documents. Service provider fee agreements and 408(b)(2) disclosures. Auditors will review whether fees are reasonable and properly disclosed to participants.
  • Fidelity bond. ERISA requires a fidelity bond covering every person who handles plan funds. The bond must be at least 10% of plan assets, up to $500,000 (or $1,000,000 for plans holding employer securities).
  • Prior-year audit report. If your plan was audited last year, have the prior report and management letter available. Auditors will follow up on any previously identified deficiencies.

Choosing the Right Auditor

Plan sponsors have a fiduciary responsibility to select a qualified, independent auditor. The DOL’s audit quality data makes a clear case for working with a firm that has meaningful EBP audit experience rather than treating the engagement as an add-on to a general audit practice.

At the same time, many plans in the 100- to 500-participant range sit in a middle ground: too large for the small-plan exemption, but not large enough to attract attention from the biggest audit firms. Regional and mid-size CPA firms that dedicate resources to EBP audits often deliver better service and more responsive engagement management at this size.

How WhippleWood Can Help

Our assurance practice works with plan sponsors across Colorado on Form 5500 filings and 401(k) audits. We focus on the size range where many growing manufacturers, professional services firms, and franchise operators need an auditor who understands their plan and responds when questions come up.

If your plan is approaching the 100-participant threshold, needs an audit for the first time, or you are considering a change in audit firms, we can help you prepare your documentation, complete the audit, and file on time.

Contact WhippleWood to discuss your plan’s audit needs before the July 31 deadline.

Interested in Learning More?

Connect with us to find out how we can help address your most complex challenge.

Related Insights

View All Insights