Government agencies provide oversight of Employee Benefit Plans. These agencies include the Internal Revenue Service (IRS) and the Department of Labor (DOL). Protecting participant rights is the main focus of each agency. In addition, each agency wants to ensure that participants understand their rights and receive the benefits they are entitled to under their respective plan.
A plan sponsor could find itself involved with a government audit as a result of, but not limited to the following:
If selected for an audit, the process generally will begin with the receipt of a data request letter that will include a response deadline. The data request can be extensive. You will be asked to provide the basic plan governing documents, regardless of the type of plan (retirement or health and welfare). These documents include:
To determine that participants are informed of their rights under the plan the auditor may request proof that mandatory disclosures have been made. The plan must be able to prove that the required notices were distributed. A data request for retirement plans could ask for specific disclosures or “all documents relating to communications to the Plan, from the Plan, or concerning the Plan.”
It can take a year or more before the plan receives a findings or conclusion or closing letter due to the complexity of the laws, the amount of documentation to be reviewed, the caseload of the investigator, and the regional office. If the DOL has any findings it is important to respond to each and every finding.
If possible it is better to discover and correct any possible issues before an investigation occurs. The plan should:
One of the most effective ways a service organization (for example, third party plan administrator) can communicate information about its controls is through a Service Auditor’s Report (SSAE 16 Report). A service auditor’s report includes the service organizations description of controls. A Type II report includes detailed testing of the service organization’s controls over a minimum six month period. The service organization assumes that the user has certain controls in place at the user entity. These user controls, which are outlined in the SSAE 16 Report, identify the roles, responsibilities and obligations of the entity using the service organization. The user entities compliance with the responsibilities and obligations helps the service organization achieve their control objectives. Common examples of user entity controls related to a defined contribution plan include the following:
Plan sponsors should consider requesting a copy of the most recent SSAE 16 report available from their service providers in order to ensure that the applicable user controls as outlined in the report have been properly implemented.
For more information regarding a plan audit, please contact Sarah Robinson, a partner in our Employee Benefit Plan Group, by calling 518-456-6663 or [email protected]