PLAN MANAGEMENT
RESPONSIBILITIES OVER
FINANCIAL STATEMENT
REPORTING
Diane Wasser, CPA
Amper Politziner & Mattia LLP
Randy Watson, CPA
Yanari Watson McGaughey PC
1
OUTLINE
• PRUDENT GOVERNANCE
• USER CONTROLS and MONITORING SERVICE
PROVIDERS
• INVESTMENT VALUATION
• SAS 115
• PREPARING FOR THE ANNUAL AUDIT
• COMMON ERRORS NOTED DURING AN AUDIT
• CENTER TOOLS
2
PRUDENT GOVERNANCE
• Fiduciary standards – no change, just more magnified
in the current environment
• What to do:
– Have a Plan Governance Committee
– Have Committee meetings regularly
– Keep written meeting minutes
– Consider an “Extra” meeting in light of economic
conditions
– Have an Investment Policy Statement
– Address financial stability of service providers
– Seriously consider an ERISA attorney relationship
3
PRUDENT GOVERNANCE
• Critical to have an effective process to identify
and manage risk
• Governance culture!
4
Maintaining Effective
User Controls and
Monitoring Service
Providers
5
Plan Sponsor Responsibilities
• Plan sponsor is subject to certain responsibilities
a) With fiduciary responsibilities come potential liabilities
b) Fiduciaries that don’t follow basic standards
•
•
c)
May be personally liable to restore any losses to the Plan
May be liable to restore any profits made as a result of
improper use of Plan assets
Responsibilities include Plan administration functions
•
•
•
Maintaining books and records
Filing complete and accurate Form 5500
Establish safeguards to ensure fiduciary responsibilities are
met
One way this can be accomplished is by implementing internal
controls over financial reporting
6
Value of internal controls
Internal controls protect your plan in two ways:
1. By minimizing opportunities for unintentional errors
or intentional fraud that may harm the plan.
-
Preventive controls, which are designed to discourage errors
or fraud, help accomplish this objective.
2. By discovering small errors before they become big
problems
-
Detective controls, are designed to identify an error or fraud
after it has occurred.
7
How to establish cost-effective controls
• Controls should be based on a systematic and riskoriented approach, to ensure that there are adequate
controls in areas with high risk, and that controls are
not excessive in areas with low risk. Before making
the decision to adopt a control, analyze the costs of
establishing and maintaining it, and consider:
– The potential benefits the control will provide
– The possible consequences of not implementing it
8
How to establish cost-effective controls
• DETERMINE YOUR PLAN’S CONTROL OBJECTIVES-
The first step in establishing controls over financial
reporting at your plan is to determine the objectives of
the controls, or what you want them to achieve: reliable
financial statements that are prepared in accordance
with generally accepted accounting principles.
Controls should be designed to address components of
the plan’s financial statements, such as plan
investments, contributions, benefits, participant data
and plan obligations, participant loans, and
administrative expenses.
9
Monitoring Controls
• Monitoring your controls is critical!
• Monitoring should be designed to identify and correct
weaknesses in internal control before they can result in
a significant misstatement in your plan’s financial
statements.
• You should periodically review the design and
operation of your plan’s controls, and make changes
where they are not providing the desired results
10
Monitoring Activities
• Your monitoring activities should
address the following issues:
– Are internal controls in place and operating?
Establishing policies and procedures will
have no effect if they are not implemented.
– Is the system working as designed?
– Are exceptions and problems identified and
resolved promptly?
– Are the controls periodically reviewed?
11
Internal Controls
• It is important to keep in mind that your auditor, under
his or her professional standards, cannot be a part of
your plan’s internal control.
12
Examples of Selected
Controls for Employee
Benefit Plans
13
Contributions - Sample Controls
• Amounts of contributions by employers and
participants meet authorized or required amounts:
– Contribution requirements or limitations are described in the
plan instrument or collective bargaining agreement.
– Contributions are determined using approved eligibility lists.
– Actuary is used to make periodic valuations and reports.
14
Contributions - Sample Controls
• Contributions are recorded at the appropriate amount
and in the appropriate period on a timely basis:
– Sponsor or employer payroll records are compared with
contribution calculations. In the case of multi-employer plans,
some form of periodic payroll audit is performed.
– Initial controls are established over contribution records for
both employer and participant contributions (e.g., salary
reduction amounts, after tax and rollovers).
– Clerical accuracy of contribution forms is checked
15
Participant Data - Sample Controls
• Participant data entries are properly recorded on a
timely basis:
– Participant forms (e.g., enrollment, transfers, investment
allocation, etc.) are controlled and are maintained for future
reference.
– The number of plan participants is reconciled using
enrollment forms.
– Participant data entries are updated and reconciled to
employers’ personnel and payroll records (or participating
employers in a multi-employer plan).
16
Participant Data - Sample Controls
• Participant eligibility is determined in accordance with
authorization:
– Eligibility is defined in the plan instrument.
• Access to participants’ data is controlled to prevent
unauthorized changes or additions:
– Employee participation refusals are retained for future
reference.
17
Reporting - Sample Controls
• Records are maintained in sufficient detail to provide
for proper and timely reconciliation:
– For defined contribution plans, the total of all participant
account balances is reconciled to the net assets in the
trustee’s/asset custodian’s reports on a periodic and timely
basis.
• Financial statements, actuarial information, disclosures,
and supplemental schedules as prepared are complete,
accurate, and in conformity with management’s
authorization:
– Procedures are established to identify required disclosure
items, for example, party in interest transactions and
transactions in excess of 5 percent of plan assets.
– Review of all financial reports and filings.
18
The Importance of Monitoring
Service Providers
• Hiring service providers does not relinquish Plan
Management’s ultimate responsibility for Plan
operations
• Plan Management must :
– Oversee the providers and assess their performance
– Meet regularly
– Review reports provided
19
What does a SAS 70 mean to me?
• It outlines what user controls are required.
• It is not only for the Auditor!
• It should be reviewed by Plan Management annually as
part of the third party service provider monitoring
effort.
20
INVESTMENT
VALUATION
21
INVESTMENT VALUATION
• PLAN MANAGEMENT IS HELD RESPONSIBLE
FOR INVESTMENT VALUATIONS AND
FINANCIAL STATEMENT DISCLOSURES —
Even where there are outside investment custodians,
asset or fund managers, or other service providers to
assist in determining the value of investments on a
plan’s financial statements and Form 5500, the DOL
holds plan management responsible for the proper
reporting of plan investments. This responsibility
cannot be outsourced or assigned to a party other than
plan management.
22
INVESTMENT VALUATION
• While management may look to a valuation service
provider for the mechanics of the valuation,
management should have sufficient information to
evaluate and independently challenge the valuation.
Therefore, it is important that plan management is
familiar with the plan assets in which a plan invests
and the methods and significant assumptions used to
value them, especially for investments in securities or
other assets for which readily determinable fair market
values do not exist.
• Controls to employ
23
INVESTMENT VALUATION CONTROLS
Investment transactions are recorded at the appropriate
amounts and in the appropriate periods on a timely
basis:
• Detailed subsidiary records are reconciled to trust reports on a
regular basis
• Control totals from participant’s records are compared to control
totals from trust reports on a regular basis. Report of
trustee’s/asset custodian’s independent auditor is reviewed
• Purchases and sales (as a result of contributions, distributions,
etc.)of mutual funds are reviewed to determine that the net asset
value agrees to published quotations.
• Purchases and sales are reviewed to determine that
the appropriate fair value was utilized.
24
INVESTMENT VALUATION CONTROLS
• Investment assets are protected from loss or
misappropriation:
– Responsibility for investment decisions and
transactions is segregated from custodian’s
functions.
– Financial stability of financial institutions holding
investments is reviewed.
– Written-off investments are reviewed for possible
appreciation
– Access to computerized investment records is
limited to those with a logical need for such access
25
INVESTMENT VALUATION CONTROLS
• Investments (other than insurance contracts with
insurance companies) are measured at fair value:
– Quotation sources and appraisal reports are
compared with recorded values.
– Valuation methods are documented in the trust
agreement or plan committee minutes.
• Investment criteria and objectives are authorized and
executed in accordance with formal authorizations:
– Investment criteria or objectives are documented in
the plan instrument or plan committee minutes
26
INVESTMENT VALUATION CONTROLS
• Review monthly trust reports
• Have regular communications with your investment
manager
• Compare quotation sources and appraisal reports with
recorded values.
• Compare values of pooled separate accounts and
common collective trusts to net asset values calculated
by the issuer.
27
INVESTMENT VALUATION CONTROLS
• Obtain the financial statements of pooled separate
accounts and common collective trusts and compare
unit information contained in the financial statements
for reasonableness to the unit values reported to the
plan.
• Document valuation methods in the trust agreement or
plan committee minutes.
• Have the plan committee approve the basis for “good
faith” estimates including independent appraisals, if
any, and document the basis used.
28
INVESTMENT VALUATION
• Plan management should review investment reports
detailing investment balances to ensure that they are
accurate and complete and report appropriate
investment values based on current or fair value as of
the date of the report.
• The type of services a trustee or custodian is engaged
to perform will dictate what information is received.
The typical custodial service provided by custodians
and trustees includes providing values that are based on
the best information available to them at the time of the
report.
29
INVESTMENT VALUATION
• In cases where the plan invests in assets without
readily determinable fair values, and where the trustee
or custodian may have been hired only to provide
custodial services, the values in the trust report
typically will be a pass-through of the values provided
by the fund company or limited partnership for
commingled funds, or by a boutique vendor or broker
for non-marketable securities.
30
INVESTMENT VALUATION
• In such cases, the reported values are based on the best
information available to the trustee and custodian at the
time of the report, which may or may not be fair value.
• To obtain proper fair values for alternative investments
one may need to contract for valuation services in
addition to the custodial services provided or, if one
has access to relevant information about the
investment, they can perform their own valuation. In
any case, it is important that management understands
how the investment values are determined so they can
make judgment regarding the reliability of the
information in the reports.
31
INVESTMENT VALUATION
• Plan investments must be valued as of the plan’s yearend.
• Start to inquire NOW, if not already, as to whether
custodians will provide the information necessary to
prepare the required financial statement disclosures
regarding the valuation inputs (Levels I, II and III)
used to determine investments values.
32
INVESTMENT VALUATION
• Investment certifications by banks or similar
institutions do not relieve plan management of its
responsibility for properly reporting fair values.
• It is important to note that hiring an auditor to perform
an audit--whether full scope or limited scope--does not
relieve management of its responsibility for the
completeness and accuracy of the plan’s investment
information reported in the Form 5500 and the
financial statements.
33
INVESTMENT VALUATION
• An independent auditor may be a good resource to
consult about the adequacy of valuation techniques and
the related disclosures, Department of Labor and
AICPA auditor independence rules restrict what nonaudit (non-attest) services auditors can and cannot
perform for a plan for which they perform the annual
financial statement audit (for example, Department of
Labor rules prohibit the auditor from maintaining
financial records for the plan).
34
INVESTMENT VALUATION
• A plan auditor may provide advice, research materials
and recommendations to assist you in making decisions
about the accuracy of investment valuations and the
adequacy of the related disclosures, and in establishing
internal controls surrounding your investment
valuations and can also help with the financial
statement preparation.
35
SAS 115 – Changes in
Internal Control
Communications
36
SAS 115 - Communications of internal control
related matters to plan management
• Effective for periods ending after December 15, 2009
• Conforms definitions of control deficiency, significant
deficiency, and material weakness to those in PCAOB
AS No. 2
 The term significant deficiency replaces the term reportable
condition
• Requires written communication of significant
deficiencies and material weaknesses to management
and those charged with governance
 Should be communicated even if they were communicated in
connection with previous audits
37
SAS 115 - Communications of internal control
related matters to plan management
• In an audit of financial statements, an auditor is not
required to perform procedures to identify deficiencies in
internal control (par. 4) or to express an opinion on the
effectiveness of an entity’s internal control (Not like SOX
404)
• However during the course of an audit, the auditor may
become aware of control deficiencies while obtaining an
understanding of internal controls, and assessing risk
38
Changes in Internal Control
Communications
• Main Changes
– Revised definitions of material weakness and significant
deficiency
– Revised the list of deficiencies in internal control that are
indicators of material weaknesses
– No longer includes a list of deficiencies that ordinarily would
be considered at least significant deficiencies
– Illustrative letter has been amended
39
Preparing for the Annual
Audit
40
Selecting the Auditor
Firm Information
• Size, location, and history of the CPA firm
• Whether the firm is a member of the AICPA Employee
Benefit Plan Audit Quality Center (EBPAQC)
• Number of employee benefit plan (EBP) clients
• Number of similar type plan audits, including the size
of each plan (by number of participants and/or amount
of total assets)
• Number of EBP clients gained/lost in the past several
years
41
Selecting the Auditor
• States in which the firm is licensed to practice
• Firm references-especially from similar type plans-and
specific contact information
• The firm’s latest Peer Review Report, Letter of
Comments, and firm’s response (if any) (Also available
for AICPA EBPAQC members at
http://www.aicpa.org/ebpaqc)
• Whether the firm is subject to current litigation
• Whether the firm is the subject of any DOL, AICPA, or
State Society Ethics findings or referrals
42
Selecting the Auditor
• Whether the firm meets the independence standards of
the AICPA and DOL
• The firms’ working paper retention and access policies
and requirements
• If filed with the SEC 11-K, whether firm is registered
with PCAOB
• Whether the firm has insurance coverage (errors &
omissions, workers’ compensation, etc.)
43
What to expect from the audit process
 Disruption from your daily routine
 Kick-off meeting
 Planning fieldwork stage
 Final fieldwork stage
 Closing meeting
 Final Product
44
What to expect from the auditor
 Inquiries
 Requests for documentation
 Experience
 Knowledge of plan terminology
 Clear line of communication
 Agreed upon schedule
 Helpful recommendations!
45
What the auditor is expecting of you
 Time
 Documentation requested
 Coordinate communication with third party providers
 Financial statements
46
Utilize your service provider to help the audit
process
•
•
•
•
•
•
Share your PBC listing with the TPA
Audit Package
SAS 70
Documentation of participant transactions
Form 5500
Testing results
47
What should the TPA provide the
auditors?
• As much information as possible up front
• Provide timely answers to testing discrepancies
• May depend on how much responsibility the TPA has with
the plan, i.e., Are they the trustee? Custodian?
48
The TPA should provide…
•
•
•
•
•
•
•
•
•
•
Organized audit package
Detailed listing of participant balances
157 information
Draft Form 5500 and all related schedules
Compliance and discrimination testing
Allocation of employer contributions
Loan roll-forward report
Distribution report
Transaction information
SAS 70 report, if available
49
What can you do to keep the fees down?
 Be prepared
 Respond timely to auditor inquiries
 Allow time
 Prepare or assist in preparing work papers
 Do your own word processing
50
COMMON ERRORS
NOTED DURING A
PLAN AUDIT
51
COMMON ERRORS NOTED DURING A
PLAN AUDIT
• Improper application of the definition of compensation
• Improper application of the plan’s eligibility provisions
• Improper use of forfeitures in accordance with the
terms of the plan
• Lack of attention to and documentation of user controls
• Lack of inclusion of finance and accounting in the
process
• Timeliness of deferrals
• Actuarial census errors/outdated information
52
TOOLS!
53
Tools Available to Assist
• Employee Benefit Plan Audit Quality Center
– Website: www.aicpa.org/ebpaqc
• Includes multiple resource centers with information and tools on EBP
topics. Includes checklists and resources for research on EB topics.
• Includes online member discussion forums
• Includes Topix Primer Series
• Includes Plan Advisories for communication and research on plan
responsibilities.
• Includes tools for Plan Sponsors
– E-alerts: Upcoming developments and events (archived on website)
– Live Forum Member Conference Calls
– AICPA Accounting and Auditing Technical Hotline
• 1-877-242-7212, aahotline@aicpa.org
http://www.aicpa.org/members/div/infohot/index.htm
– AICPA Ethics Hotline: (888)777-7077, ethics@aicpa.org
54
????????????
“The material contained in this presentation
is for general information and should not
be acted upon without prior professional
consultation.”
55