On-Screen Presentation

Employee Benefit Plan Audits
Brian Chase, CPA
Vice President and Senior Internal Audit Manager
State Street Corporate Audit
April 16, 2007
Overview of Presentation
Pension Protection Act of 2006
Fiduciary Responsibilities
Employee Benefit Plan Audits
Pension Protection Act
Single employer DB plan changes
Accelerated funding requirements from 90% – 100%
Identification of underfunded “at risk” plans
(additional funding requirements and restrictions on payment options apply)
Expanded applicability of PBGC variable premium
Multiemployer DB plans
Two higher categories of funding status:
endangered plans (<80% funded) and
critical plans (70% funded)
All Hybrid plans are not deemed to violate age
discrimination rules (7/25/05)
Changes in ERISA disclosure requirements
have increased the amount of information
about the plans and tightened the reporting deadlines
Pension Protection Act continued
DC Plans
Automatic enrollment: Employee must elect out within 90 days
Mandatory employer matching contributions (100% first 1% of pay,
50% next 5% of pay)
Expanded DC benefit statement disclosure emphasizing the
importance of diversification
With investment changes, old options must be mapped to new
Fiduciary protections do not apply to black-out periods
Pension Protection Act continued
DC plans cont.
Employers encouraged to provide investment advice
“Fiduciary Advisor” defined
Plan sponsor role clarified – Oversight of fiduciary advisors but
not advice content; authorize the advice program and review
annual audit of the program
Diversification: Must be allowed to get out of company stock
without a waiting period and have at least 3 other investment
options
Two new Prohibited Transactions
Advisor compensation cannot depend on participant
investment selections
Insurers cannot receive additional compensation from
allocations to their funds, unless the allocation is driven by
computer modeling developed by an independent advisor
Fiduciary Responsibilities
Each plan must have at least one named Fiduciary
Fiduciaries typically include: trustees, investment advisers, plan administrators
Fiduciaries must:
Act solely in the interest of plan participants and beneficiaries, and
understand terms of the plan
Carry out duties prudently
Follow plan documents and ERISA (ERISA takes precedence)
Diversify plan investments (concerns with proprietary investments)
Review reasonableness of plan fees and expenses
Avoid conflicts of interest (prohibited transactions)
Make timely contributions
Make timely disclosures to participants and government
Use discretion in administering and managing a pension plan or controlling
the plan’s assets.
Fiduciary Responsibilities continued
Oversight procedures for third-party service providers:
Reporting of Financial Information (from service providers, and
comply with GAAP and ERISA?)
Review third-party service provider controls (SAS 70)
Review of periodic third-party service provider reports with
reconciliations and comparisons of client data
Analytical review of investment performance reports (i.e., internal
and external investment returns)
Established communication, escalation and follow-up procedures
Periodic review of financial and control measures (provider delivery
of info in accordance with contract or SLA expectations)
On-site visits to review management oversight
Monitor participant complaint process
Fiduciary Responsibilities continued
Limit liability by
Demonstrating diligence in performing responsibilities with
documentation of processes performed
DC plans limit liability of fiduciaries to the selecting of investment
options as long as participants have three or more investment
options and are provided with sufficient information to make
informed investment decisions
Fiduciaries can hire service providers to perform fiduciary functions,
but must monitor providers' performance
Fiduciaries must monitor performance of investment options
Fiduciaries must be aware of other fiduciaries of the plan
Employee Benefit Plan Audits
6 major areas:
Assessing Internal Control
Plan Investments
Participant Data
Contributions
Distributions
Financial Reporting
Employee Benefit Plan Audits continued
Each section will cover:
Base responsibilities of the Plan Sponsor, Service Providers
and the auditor.
The impact of new regulations and standards.
Common audit procedures over the area.
Assessment of Internal Control
Obtain an understanding of the accounting system and control activities
Assess the processes performed by third party service organizations
Plan administrator
Bank trustee
Investment custodian
SAS 70 “Service Organizations”
Type I or Type II report
Controls covered
Review of service provider controls not covered by a SAS 70
report
Results of the control assessment impact the nature, timing and extent of audit
testing
Investments
Plan Sponsor Responsibilities
Establish diversified investment options.
Monitor investment performance.
Review service provider reports.
Recordkeeper and Custodian Reports
Internal Control Reports (SAS 70)
Investments continued
Impact of the Pension Protection Act
Allows for investment advice to participants in savings plans.
Requires a Plan to offer participants a minimum of 3 investment
options, not including company stock.
Changes to the liability of the fiduciary regarding default
investments.
Investments continued
Audit Procedures and Issues:
Review of management controls
Minutes of meetings for review of investment performance.
Evidence of review of SAS 70 User Controls.
Evidence of review of monthly/quarterly service provider reports.
Confirmation of investments held
Investment Valuation Testing
Independent review of pricing which may include confirmations or
review of fair value documentation.
Participant Loans: existence, in accordance with the plan, interest
calculations, delinquencies
Note: Investment testing may not be applicable if the plan sponsor elects to
have a Limited Scope audit performed. Limited scope audits require certification of
investments by the Trustee.
Participant Data
Participant Data will have different characteristics and importance
depending on the type of Plan.
Defined Benefit or Pension Plans:
Employee Census provided to the Actuary
Areas of importance include age, sex, length of service
and salary information
Provides the basis for liability and contribution calculation.
Participant Data cont.
Defined Contribution or 401(k) Savings Plans:
Employee accounts maintained by the Plan Sponsor,
Recordkeeping Service Provider and Payroll
Areas of importance include date of birth, date of hire,
withholding rate election and salary information
Information is used to determine the participant's proper
inclusion or exclusion from the Plan, their vesting status,
contribution amount and investment allocation.
DC Plans:
Increase in reliance on Service Providers to handle all
recordkeeping has limited the audit trail.
Participants changing withholding percentage often will
bypass the Plan Sponsor completely.
Participant Data cont.
Audit Procedures and Issues
Both DB and DC Plans
Auditor will test for the completeness and accuracy of the participant
data by comparing the information to payroll and personnel files.
Select participants from the Census data or 401(k) participant
listing and trace to the supporting payroll and personnel
documentation to determine that the data is accurate
Select employees from the payroll register and trace them to the
census or participant listing to determine that it is complete
(possible use of CAATs)
Assess the controls over payroll processing
DC Plans
Test the controls and processing of investment allocations for
participant accounts
Contributions
Plan Sponsor’s responsibility: Contribute to the Plan according to the
Plan Document and in compliance with applicable regulations.
The calculation and method of contribution will vary greatly depending
on the type of Plan.
Contributions – DB Plans
Calculated by an actuary based on:
Information on employee census
Number of Employees, Age, Gender, Salary and Length of
Service data and plan formula(e)
Funding Goal of the Plan Sponsor.
Regulatory Requirements.
Pension Protection Act
Beginning in 2008 prescribes a funding target of 100%.
Plans not reaching the 100% target must amortize any shortfalls
over 7 years.
Contributions – DB Plans cont.
Audit Procedures and Issues:
Review of actuarial assumptions and reasonableness of the data
used
Assess the quality of the actuary
Ensure the Plan met minimum funding requirements
Review of wires and/or canceled checks
Contributions – DC Plans
401(k) contributions come from two channels, Employee and Employer.
Employee contributions are based on the withholding rate
designated by the employees and their eligible compensation as
defined by the plan document.
Employer contributions are voluntary and most often come in the
form of matching contributions or profit sharing contributions.
Timeliness on Contributions
Contributions must be made as soon as reasonably possible but no
later than 15 business days after the month end following the
withholding of the funds from the participant.
DOL has scrutinized plans which were within the 15 day limit
because they believed it was possible for them to make the
contributions sooner. (Not the sponsor’s money)
Rollover contributions received from new employees
Contributions – DC Plans continued
Impact of the Pension Protection Act
The Act makes establishing Automatic Enrollment policies easier.
Allowing for withdrawal from plan during the first 90 days
without penalty.
Allows for a wider range of default investment options.
Preempts state wage withholding laws.
Effect on employer stock as investment option
The Act requires that participants be allowed to diversify out of
company stock from employer matching contributions after 3
years of vesting
Employees can diversify out of company stock without a waiting
period for their own contributions.
Contributions – DC Plans continued
Audit Procedures and Issues:
Recalculation:
Select a period of time (Full year, 1 month, or 1 pay period) to
retrieve payroll information for a selection of participants.
Use the salary information and the participant’s withholding rate
from their personnel file to recalculate savings plan contribution
and any employer contributions.
Compare calculated amount to payroll and recordkeeper
records.
Timeliness of Contributions
Review contribution dates for the entire year to determine that
payments to the plan were made in compliance with DOL
regulations.
Assess the controls over payroll processing
Distributions
Plan Sponsor’s Responsibility:
Regardless of the type of plan, the Plan Sponsor should have
policies and procedures in place to review and authorize
distributions to participants, including required tax reporting.
DB Plans
Distributions are calculated upon retirement based on the
participant’s length of service and salary according to the plan
document, either in house or outsourced to the Plan’s service
provider (actuary).
Distributions continued
DC Plans –
Distributions are calculated upon termination based on the participant's
contributions and vesting status in employer matching or profit sharing
contributions
Additionally, a participant may take a loan from their account based on terms in
the Plan Document
Audit Procedures and Issues:
DB Plans
Recalculation of distribution, whether it’s an annuity or lump sum
Review of continuing annuities to verify no changes from prior year
Confirmation of distribution directly with the participant or receipt of a
canceled check
Review distribution paperwork for proper authorization, including
signatures of participant and spouse when required
Test of rollover funds received and posting to participant accounts
Distributions continued
Audit Procedures and Issues:
DC Plans
Recalculation of participants' vesting.
Confirmation of distribution directly with the participant or
receipt of a canceled check.
For loans, ensure that the loan was made in accordance with
the Plan Document
Review distribution or loan paperwork for proper authorization,
including signatures of participant and spouse when required.
Financial Reporting
Plan Sponsor’s Responsibility
Review of service provider reports used as the basis of financial
reporting.
Ensure that all reports are in compliance with GAAP, ERISA and
IRS requirements.
Reports include:
Financial Statements
Form 5500
11(k) Filing for plans with employer
stock as an investment option.
Financial Reporting continued
Recent Accounting Changes
FAS 158: Requires the Plan Sponsor disclose on its Balance
Sheet a liability for the unfunded portion of the Plan’s projected
benefit obligation (effective for years ending after 12/15/06).
Guaranteed Investment Contracts (GICs) must now be disclosed
on the balance sheet at Fair Value instead of historical cost.
Amortized cost will be shown parenthetically on the face of the
balance sheet (FASB Staff Position Nos. AGG INV-1 and SOP 944-1)
SAS 112: “Communicating Internal Control Related Matters
Identified in an Audit”: Updates the auditor responsibilities for
reporting control deficiencies to party responsible for the financial
statements and defines “control deficiency, significant deficiency
and material weakness”
FAS 157 “Fair Value Measurements” (effective for years beginning
after November 15, 2007)
Financial Reporting continued
Audit Procedures and Issues
Review of Financial Statements and related disclosure, including
tying all balances to record keeper statements.
Note: Trustee reports are most often prepared on a cash basis of
accounting, so it is important to review the conversion to accrual
basis for Financial Statement disclosure.
Ensure consistency among reports, i.e. Numbers should be
consistent between Financial Statements and the Form 5500.
Questions