A Plan Audit By A Government Agency

Government agencies provide oversight of Employee Benefit Plans.  These agencies include the Internal Revenue Service (IRS) and the Department of Labor (DOL).  Protecting participant rights is the main focus of each agency.  In addition, each agency wants to ensure that participants understand their rights and receive the benefits they are entitled to under their respective plan.


A plan sponsor could find itself involved with a government audit as a result of, but not limited to the following:


  • Participant Complaint: A participant can call a regional office and speak to a benefit advisor to receive help related to a specific issue or to obtain general information.  If the advisor suspects a recurring issue, for example employee 401(k) contributions not appearing on a benefit statement, the information could be turned over to the investigative group of the government agency for further review.
  • Random selection.
  • Inaccurate or late filings of the Form 5500.


If selected for an audit, the process generally will begin with the receipt of a data request letter that will include a response deadline.  The data request can be extensive.  You will be asked to provide the basic plan governing documents, regardless of the type of plan (retirement or health and welfare).  These documents include:


  • Plan documents
  • Summary Plan Description (SPD)
  • Trust agreements

To determine that participants are informed of their rights under the plan the auditor may request proof that mandatory disclosures have been made.  The plan must be able to prove that the required notices were distributed.  A data request for retirement plans could ask for specific disclosures or “all documents relating to communications to the Plan, from the Plan, or concerning the Plan.”


It can take a year or more before the plan receives a findings or conclusion or closing letter due to the complexity of the laws, the amount of documentation to be reviewed, the caseload of the investigator, and the regional office.  If the DOL has any findings it is important to respond to each and every finding.


If possible it is better to discover and correct any possible issues before an investigation occurs.  The plan should:


  • Maintain up-to-date plan documents and ensure that all plan provisions are being followed.
  • Understand the scope of services performed by service providers.
  • Keep advisors updated regarding any plan changes or operational changes.
  • Consider taking advantage of government correction programs.

One of the most effective ways a service organization (for example, third party plan administrator) can communicate information about its controls is through a Service Auditor’s Report (SSAE 16 Report).  A service auditor’s report includes the service organizations description of controls.  A Type II report includes detailed testing of the service organization’s controls over a minimum six month period.  The service organization assumes that the user has certain controls in place at the user entity.  These user controls, which are outlined in the SSAE 16 Report, identify the roles, responsibilities and obligations of the entity using the service organization.  The user entities compliance with the responsibilities and obligations helps the service organization achieve their control objectives.  Common examples of user entity controls related to a defined contribution plan include the following:


  • Plan sponsors are responsible for ensuring that distribution requests submitted for processing are complete and properly authorized.
  • Plan sponsors are responsible for providing timely and accurate notification of changes to plan provisions and participant status.
  • Plan sponsors are responsible for locating participants if benefit payment or loan proceed checks remain outstanding.
  • Plan sponsors are responsible for reviewing monthly expense statements and providing notification of any discrepancies.
  • Plan sponsors are responsible for ensuring only authorized representatives have access and the ability to instruct transactions on behalf of the Plan Sponsor.


Plan sponsors should consider requesting a copy of the most recent SSAE 16 report available from their service providers in order to ensure that the applicable user controls as outlined in the report have been properly implemented.



For more information regarding a plan audit, please contact Sarah Robinson, a partner in our Employee Benefit Plan Group, by calling 518-456-6663 or [email protected]