3. In
Internal Controls
Protect the Plan:
• By minimizing opportunities for
unintentional errors or intentional fraud
(Preventative Controls)
• By discovering small errors before they
become big problems (Detective Controls)
4. In
Two Types of Fraud
Fraudulent Financial Reporting
Poor investment
results (I)
Financial
stability of the
plan sponsor is
threatened (I)
Plan has
invested in
employer
securities (I)
Non-readily
marketable
investments (O)
Ineffective
monitoring of
management (O)
Deficient
internal control
components (O)
5. In
Two Types of Fraud
Misappropriation of Assets
Personal
financial
pressures (I)
Known or
anticipated
future layoffs (I)
Recent or
expected
changes in
benefits (I)
Lack of qualified
outside service
providers (O)
Inadequate
internal controls
over assets (O)
6. In
Head of defense
contractor steals
$186,000
Plan trustee
convicted on
17 counts of
wire fraud
totaling
approximately
$5.3 million
Plan
administrator
steals $4.3
million from four
plans for which
he provided
administrative
services
7. In
Internal control should be
based on a risk-oriented
approach to ensure adequate
controls exist for high risk
areas and that controls are
not excessive for areas
with low risk. - EBPAQC
Some high risk areas
include:
Participant data
input and change
administration
Processing
payroll &
contributions
Participant
distributions
8. In
• Are the controls in place and
operating
• Is the system working as
designed
• Are the controls periodically
reviewed
• Are identified exceptions and
problems resolved
• Are you monitoring service
organizations
Effective monitoring helps ensure your system
of internal control continues to provide the
protections you envisioned.
10. In
If a plan is selected for audit by the IRS,
the EP agent conducting the retirement-plan
examination will begin by evaluating the
effectiveness of the plan's internal controls
to determine whether to perform a focused
audit—that is, just look at three to five issues
or expand the scope of the examination.
In other words, based on the strength of the
plan's internal controls, the agent will decide
to examine more or less of the return than
originally planned.
Monika Templeman,
IRS Director of
Employee Plans Examinations
“
”
11. In
Our audit of the financial
statements will include obtaining
an understanding of internal
control sufficient to plan the audit
and to determine the nature,
timing and extent of audit
procedures to be performed.
An audit is not designed to
provide assurance on internal
control or to identify significant
deficiencies or material
weaknesses. Our review and
understanding of the Plan's
internal control is not undertaken
for the purpose of expressing an
opinion on the effectiveness of
internal control.
12. In
Significant deficiency - A deficiency, or a
combination of deficiencies, that is less
severe than a material weakness yet
important enough to merit attention.
Material weakness - A deficiency, or
a combination of deficiencies, such
that there is a reasonable possibility
that a material misstatement of the
financial statements will not be
prevented, or detected and
corrected, on a timely basis.
13.
14. In
Participant Data
1. Procedures exist to promptly identify and notify
eligible participants for enrollment
2. Retain enrollment applications including signed
refusals
3. Management should regularly review changes
made to the payroll master file
Payroll Processing and Contributions
1. Ensure adequate segregation of duties exist
2. Current payrolls are compared with previous
payrolls and variances are investigated
3. Access to the payroll system is appropriately
restricted
Participant Distributions
1. Signed distribution forms are used
2. Withdrawal forms, including requests
for hardship withdrawals from
401(k) arrangements, are
reviewed by a responsible
official
16. In
AICPA Employee Benefit Plan Audit
Quality Center – The Importance of
Internal Control in Financial Reporting
and Safeguarding Plan Assets
AICPA EBPAQC Plan Advisory, Effective
Monitoring of Outsourced
Plan Recordkeeping and Reporting
Functions
IRS – Retirement Plan Operation and
Maintenance