Time to Audit Your Auditor?

Does your CPA understand areas unique to employee benefits?

Is your audit deficient? There is a good chance it is. In May, the Department of Labor Employee Benefits Security Administration (EBSA) released a disturbing report assessing the quality of benefit plan audits.

The findings were worrisome to say the least. Overall, EBSA’s review found that only 61 percent of the audits fully complied with professional auditing standards or had only minor deficiencies under professional standards.

That means 39 percent of the audits contained major deficiencies with respect to one or more relevant generally accepted auditing standard (GAAS) requirements. Twenty-four percent of all audits were found to have 10 or more deficiencies. No small thing. A deficient audit could lead to a rejection of your Form 5500 filing, resulting in thousands of dollars of late filing or non-reporting penalties that can be assessed by both the U.S. Department of Labor (DOL) and the Internal Revenue Service (IRS). EBSA calculated that audit deficiencies put $653 billion and 22.5 million plan participants and beneficiaries at risk. Disturbingly, the number of deficient audits has been steadily increasing over the last 26 years that EBSA has been doing audit quality assessments.

So what is a plan trustee to do to ensure his/her fund has an adequate audit?

Let’s look at what the EBSA concluded from its assessment:

• Once again, the smaller the number of the firm’s employee benefit plan audits, the greater the incidence of audit deficiencies.
• Audit areas that are unique to employee benefit plans such as contributions, benefit payments, participant data and party-in-interest/prohibited transactions, continue to lead the list of audit deficiencies. As EBSA found in its two previous studies, CPAs often failed to consider these unique audit areas and, therefore, performed inadequate audit work.
• CPAs failed to comply with professional standards either because they were not adequately informed about employee benefit plan audits, or failed to properly use its technical materials. Audit partners in firms performing a greater number of plan audits tended to have a greater amount of employee benefit plan-specific training. In a number of instances, however, even having the proper technical guidance did not ensure that a quality audit was performed.
• The Practice Monitoring Peer Review process established by the American Institute of Certified Public Accountants (AICPA) and administered by sponsoring state CPA societies does not appear to be an effective tool in identifying deficient plan audit work and ensuring compliance with professional standards. While selecting an employee benefit plan audit is a required part of the peer review process (where applicable), CPAs who performed deficient audits often received acceptable peer review reports.
• Members of the AICPA’s Employee Benefit Plan Audit Quality Center (EBPAQC) tend to have fewer audits containing multiple GAAS deficiencies. Additionally, non-EBPAQC member firms tend to have a larger number of GAAS deficiencies, per audit engagement, than EBPAQC members.

Armed with the above information, it’s now time to take a close look at your current fund auditors.

The first question trustees need to consider is whether it’s appropriate to do a request for proposal (RFP) at this time.

What to look for when evaluating an auditor?

1. Is the firm properly licensed where they practice?  Federal law requires that an auditor engaged for an employee benefit plan audit be licensed or certified as a public accountant by a state regulatory authority. This question may seem obvious but it can never be assumed. The rules on licensing vary by state. Ensure any auditor you are considering provide proof of a current license.
2. Is the audit firm independent and objective?  Auditors should be independent of fund trustees, administrators, and other parties-in-interest to the trust fund. If the auditor is related or has a connection to the trust fund, they probably aren’t independent and should not be retained.
3. Are they a member of the EBPAQC?  This credential is not required but the EBSA’s assessment found that members of this organization had fewer multiple deficiencies per audit engagement—30 percent for members versus 82 percent for non-members.
4. Does the proposed audit team have employee benefit specific training and experience?  According to the EBSA’s finding, as the level of employee benefit plan-specific training increased, the percentage of deficient audits decreased. This is in keeping with the EBSA’s finding that a majority of deficiencies were the result of the CPA failing to adequately understand and account for areas unique to employee benefits.
5. How many employee benefit plan audits does this auditor perform?  How many of those are for a multiemployer plan? The number of plan audits an auditor did had a direct correlation with deficiencies. For instance, 75 percent of firms who only did one or two employee benefit plan audits had deficiencies. By comparison, only 12 percent of firms that audited more than 100 employee benefit plans had deficiencies.
6. Is the auditor familiar with the most common deficiencies as identified by the EBSA and do they have a process in place to guard against making them in your audit?  Contributions, benefit payments, participant data, and party-in-interest/prohibited transactions lead the list of audit deficiencies.

Specifically, the EBSA found:

• that there was insufficient payroll testing
• no work was performed in an area
• auditors failed to test participant eligibility
• auditors failed to test allocations to participant accounts

The auditor you retain should know this and be able to explain how the information they will gather, as well as their processes, guard against any serious deficiencies in the work they will do.

It’s worth noting that the amount of fees charged did not show any correlation to audit quality. Likewise, audit peer review did not have any meaningful correlation with the adequacy of the work performed.

Lastly, while you are reviewing your auditor or engaging a new one, ensure that you have adequate documentation of your service agreement on file. Generally, the letter of engagement should:

• contain the names of both the fund and the auditor
• outline the scope, objectives and purpose of the audit
• clearly specify the terms of payment; specify the reporting package and its format
• identify the type and timing of the audit, including the evidence to be provided by the fund
• provide for professional standards to be followed

Above all, ensure the fund has a fully executed copy of the agreement signed by both sides in its records.

Additional Resources

Information by the DOL to assist plan administrator in selecting an auditor, Selecting an Auditor for Your Employee Benefit Plan.

Trustees should not construe these resources as legal advice and are urged to consult with their own fund counsel to determine whether any action is permissible or advisable.