This document provides an overview of preparing for an employee benefit plan audit. It discusses who the key players are in a benefit plan audit, including the sponsor, participants, trustee, plan administrator, custodian and service providers. It outlines the audit requirements for different types of benefit plans and discusses topics like understanding the auditor's responsibilities, internal controls, common audit findings and working with the auditor. The overall goal is to help plan administrators better understand the audit process and make the audit more efficient.

1. Getting Prepared for
Your Employee Benefit
Plan Audit
Lawrence J. Hoffman, CPA/CFF CVA CFE
Partner
March 14, 2012
Thrive. Grow. Achieve.

2. AGENDA
• Seminar Objectives
• Who Are the Players?
• Employee Benefit Plan Audit Requirements
• The Importance of a Quality Plan Audit
• Understanding Your Auditor’s Responsibilities
• Understanding Your Responsibilities
• Working with Your Auditor
• Common Audit Findings
• Suggested Resources
• Q&A
Benefit Plan Audit/ Page 2

3. SEMINAR OBJECTIVES
• Help you to better prepare for your EBP audit
• Make your audit more efficient and timely
• Better understand what your auditors do in an audit
• Anticipate areas of concern for auditors
Benefit Plan Audit/ Page 3

4. WHO ARE THE PLAYERS?
• Sponsor – Generally the employer.
• Participant – Employee, former employee, beneficiaries, members.
• Trustee (Fiduciary) – Responsible for the operation and administration of the
plan assets.
• Plan Administrator – Day-to-day administration of the plan. Could be the
sponsor; a trustee (bank trust dept); insurance company; investment advisor; or
a person designated by the Trustee, if an unrelated third party – “Third Party
Administrator” (TPA).
• Custodian – Charged with the safekeeping of the plan assets.
• Service Providers – Benefits consultant, investment
manager, accountants, lawyers.
Benefit Plan Audit/ Page 4

5. EMPLOYEE BENEFIT PLAN AUDIT
REQUIREMENTS
TYPES OF PLAN’S REQUIRING AN AUDIT
• Defined Contribution Plans
• Defined Benefit Plans
• Health and Welfare Plans
TYPES OF PLANS THAT DO NOT REQUIRE AN AUDIT
• Governmental plans (ERISA section 3(32)
• Church plans (ERISA section 3(33)
• “Safe Harbor” Plans (DOL regulation 29 C.F.R. 2510.3-2(f)
Benefit Plan Audit/ Page 5

6. EMPLOYEE BENEFIT PLAN AUDIT
REQUIREMENTS
AUDIT REQUIREMENT
• Generally when a plan has 100 or more participants at the beginning of the plan
year.
• A participant is defined as those who are eligible to participate in the plan (that
is, contribute to the plan), as well as those who are participating.
• Must count those obtaining or maintaining benefits – those who are no longer
employed yet have vested balances or benefits to be paid.
• 80/120 Rule.
Benefit Plan Audit/ Page 6

7. EMPLOYEE BENEFIT PLAN AUDIT
REQUIREMENTS
If last year you filed Form 5500-SF and this year you have:
Participants Tax Filings Audit Required?
<100 File Form 5500-SF No
100-120 Can elect 5500-SF No
>120 Must file Form 5500 Yes
If last year you filed a Form 5500 and this year you have:
<100 File Form 5500-SF No
>100 Must file Form 5500 Yes
Benefit Plan Audit/ Page 7

8. EMPLOYEE BENEFIT PLAN AUDIT
REQUIREMENTS
AUDIT SCOPE
• Full Scope Audit.
• Limited Scope Audit:
̵ C.F.R. 2520-103.8.
̵ Proper certification from a qualifying institution-bank, trust company or insurance company
̵ Only applies to investment and investment-related information at the plan level.
̵ Must include the words “complete and accurate.”
̵ Authorized signature on certification.
Benefit Plan Audit/ Page 8

9. EMPLOYEE BENEFIT PLAN AUDIT
REQUIREMENTS
FILING REQUIREMENTS
• Form 5500 (with audited financial statements for large plans).
• Due 7 months after year end (e.g., 12/31 year end = 7/30 due date).
• Automatic 2½ month extension if Form 5558 is filed with IRS.
Benefit Plan Audit/ Page 9

10. THE IMPORTANCE OF A QUALITY PLAN
AUDIT
• An important accountability mechanism.
• Plan Administrator’s duty to hire an independent auditor and ensure the plan has
obtained a quality audit in accordance with ERISA and DOL requirements.
• ERISA holds Plan Administrators responsible for ensuring that plan’s financial
statements are properly audited in accordance with generally accepted auditing
standards (GAAS).
• Penalties for audit failures can be substantial! ($1,100 a day capped at $50,000
per annual report filing where the required auditor’s report is missing or
deficient.)
• Your audit firm should be a member of the AICPA Employee Benefit Plan Audit
Quality Center.
Benefit Plan Audit/ Page 10

11. UNDERSTANDING YOUR AUDITOR’S
RESPONSIBILITIES
AUDIT OBJECTIVES
• Expression of an opinion on the financial statements.
• Auditor is responsible to plan and perform the audit to obtain reasonable
assurance that material misstatements, whether caused by error or fraud,
are detected.
• The audit is conducted in accordance with auditing standards generally
accepted in the United States.
• Generally accepted auditing standards require, among other things:
̵ Proper planning and risk assessment.
̵ Understanding the design and implementation of internal controls.
̵ Gathering of sufficient evidence.
̵ Documentation of findings.
Benefit Plan Audit/ Page 11

12. UNDERSTANDING YOUR AUDITOR’S
RESPONSIBILITIES
RISK ASSESSMENT:
• Plan management – tone?
• Control environment.
• Financial condition of plan sponsor and industry.
• Plan administration and personnel.
• Accounting and personnel records.
• Fraud risk factors.
• Change in trustees, custodians or other advisors.
• Significant accounting or auditing issues – MAPS, e.g., hard-to-value
investments, fair value disclosures.
Benefit Plan Audit/ Page 12

13. UNDERSTANDING YOUR AUDITOR’S
RESPONSIBILITIES
FRAUD RISKS
• Trustee of small plan created a fictitious employee in the census
data, made employer contributions, and then took out loans against the
balance.
• HR manager requested distributions for persons who left Company 2+
years ago. He had been successful 3 times for over $10,000. Discovered
when bank refused to direct the deposit, since deposit name differed from
account holder’s name.
• Plan investments managed in-house. Company controller is also Plan
Administrator. Controller borrowed funds from the plan to cover cash flow
needs of the Company.
• An HR employee, who also assisted with payroll, diverted both payroll
taxes and plan contributions into his personal account for six months, then
left the country. This employee also had responsibility for reconciling
payroll bank accounts.
Benefit Plan Audit/ Page 13

14. UNDERSTANDING YOUR AUDITOR’S
RESPONSIBILITIES
FRAUD RISKS (CONT.)
• A person was offered a job but never actually started the job. The plan
sponsor entered the person as an employee into the HR system, enrolled
the person in the plan, and then started issuing paychecks with deductions
for contributions to the plan. This went on for three years, until the
employee running the scam requested a distribution, at which time the
fraud was discovered.
Benefit Plan Audit/ Page 14

15. UNDERSTANDING YOUR AUDITOR’S
RESPONSIBILITIES
INTERNAL CONTROLS AND CYCLES:
• Contributions and receivables.
• Disbursements and payables.
• Investments.
• Payroll.
• Financial reporting.
Benefit Plan Audit/ Page 15

16. UNDERSTANDING YOUR AUDITOR’S
RESPONSIBILITIES
AUDITOR WILL ALSO CONSIDER, AMONG OTHER MATTERS:
• Existence and valuation of investments (based on audit scope).
• Receivables, including participant loans.
• Completeness and timeliness of employee and employer contributions.
• Accuracy of benefits paid and benefit obligations.
• Appropriateness of plan expenses.
Benefit Plan Audit/ Page 16

17. UNDERSTANDING YOUR AUDITOR’S
RESPONSIBILITIES
AUDITOR COMMUNICATIONS
• Required to make certain communications to “those charged with
governance” at the beginning and end of the audit (SAS 114 letter).
• Engagement Letter.
• Management Representation Letter.
• Communicating Internal Control Related Matters Identified in an Audit (SAS
115 letter):
̵ Material Weaknesses.
̵ Significant Deficiencies.
Benefit Plan Audit/ Page 17

18. UNDERSTANDING YOUR
RESPONSIBILITIES
• The financial statements are those of plan management – only the opinion
is the auditor’s!
• Know your plan and plan requirements.
• Know your service providers and their responsibilities.
• Make sure participant accounts and information is reconciled to the service
organization records on a timely basis (contribution records and census
data agree with payroll information).
Benefit Plan Audit/ Page 18

19. UNDERSTANDING YOUR
RESPONSIBILITIES
• System of internal controls (who has access to the data provided to the
service organization and can override controls?)
• Controls of a benefit plan are composed of controls at both the plan
sponsor, as well as at the service organization (SAS 70 report). Review
these reports.
• The DOL holds plan management responsible for the proper reporting of
plan investments. Watch for proper fair value reporting and disclosures.
Benefit Plan Audit/ Page 19

20. WORKING WITH YOUR AUDITOR
• Have a point person.
• The “PBC” list.
• Timely turnaround of requested documents and schedules (but review them
first!).
• Contact your service providers early to assure they will have the necessary
information on a timely basis, e.g., “audit package.”
• Obtaining service organizations’ SAS 70 control reports (now SOC 1, 2 and 3
reports).
• Scheduling audit field work – be ready!
Benefit Plan Audit/ Page 20

21. COMMON AUDIT FINDINGS
• Late deposit of participant deferrals and loan repayments.
• Failure to properly apply plan’s definition of compensation.
• Failure to follow plan’s eligibility provisions.
• Failure to update plan documents.
• Incorrect employer contributions (including match).
• Failure to properly apply plan’s vesting provisions.
• Improper use of plan forfeitures.
Benefit Plan Audit/ Page 21

22. SUGGESTED RESOURCES
• Selecting an Auditor for Your Employee Benefit Plan, DOL Employee Benefits
Security Administration:
http://www.dol.gov/ebsa/publications/selectinganauditor.html
• AICPA Employee Benefit Plan Audit Quality Center:
http://www.aicpa.org/InterestAreas/EmployeeBenefitPlanAuditQuality/Membershi
p/Pages/Find%20a%20Member%20Firm.aspx
• RAFFA, P.C. website – Employee Benefit Plan Services Resource Center:
http://www.raffa.com/services/?sec=4&subSec=43
Benefit Plan Audit/ Page 22

23. QUESTIONS AND ANSWERS
Benefit Plan Audit/ Page 23

24. LAWRENCE J. HOFFMAN
SENIOR PARTNER
Lawrence is a senior partner with RAFFA. He has over 30 years of audit, accounting, tax and consulting experience in
public accounting and the private sector. Lawrence started his career with a “Big Four” accounting firm in
Washington, D.C. and progressed quickly. He started his own CPA firm in 1982 and, in seven years, grew that practice
to one of the Washington D.C.’s largest firms. His firm also specialized in nonprofit organizations, along with other for-
profit industries and specialized consulting services. Lawrence is a Certified Fraud Examiner and Certified Valuations
Analyst. Over the years, Lawrence developed a nationally recognized practice in forensic accounting and
investigations. In 2008, he merged his practice with RAFFA.
His experience with nonprofit organizations includes charitable organizations and foundations, churches and religious
organizations, trade associations, private clubs and country clubs, health care and elder care. Understanding the
internal management and accountability needs of nonprofit organizations, Lawrence has assisted in the start-up and
development of numerous nonprofit organizations and has served on several boards throughout his career. He has also
assisted nonprofits with fundraising strategies and program development and has been an instructor at various industry
conferences on nonprofit accounting, auditing, forensic accounting and other financial management topics.
Lawrence also has extensive expertise in the regulations governing benefit plan audits. He is RAFFA’s designated
partner with the AICPA’s Employee Benefit Plan Audit Quality Center (EBPAQC). In this capacity, he coordinates the
firm’s membership compliance with the EBPAQC, disseminates information to RAFFA staff performing EBP audits and
coordinates RAFFA’s audit process and system of quality control. Lawrence also
Benefit Plan Audit/ Page 24

25. LAWRENCE J. HOFFMAN
SENIOR PARTNER
oversees and performs all quality control reviews for the firm’s pension and employee benefit plan audits. His
knowledge of accounting and auditing standards and regulations governing employee benefit plan audits includes
defined benefit, defined contribution, employee stock ownership, 403(b), 457, and other employee benefit plans.
Lawrence, who holds his CPA license in the Commonwealth of Virginia, is a member of the American Institute of
Certified Public Accountants and the Virginia State Society of Certified Public Accountants. He is also a member of the
National Association of Certified Valuation Analysts and the Association of Certified Fraud Examiners and is a certified
in Financial Forensics by the American Institute of Certified Public Accountants. He received a Bachelor’s degree in
accounting from Mount St. Mary’s College.
As a private pilot, he sits on the Board of Directors of Mercy Medical Airlift, an affiliate of Angel Flight and has
volunteered and completed numerous missions for Angel Flight and for animal rescue organizations. He is also a board
member and chairs the Finance Committee for New Hope Housing. Lawrence has been very active during his career
with assisting numerous nonprofit organizations as a volunteer, board member, and trusted advisor.
Benefit Plan Audit/ Page 25

26. THANK YOU!
Benefit Plan Audit/ Page 26