Take a Closer Look

By Carolyn Hirschman May 1, 2005

HR Magazine, June 2005That 401(k) plan youre overseeing may have some hidden weaknesses that only a specialized audit could bring to light.

​The pressure is on—just about all the time—for benefits professionals who administer 401(k) plans.

Participating employees want the best investment returns for their accounts. Employers want plans to run efficiently. Federal agencies want administrators to abide by all the laws and regulations. And administrators themselves, aware of their fiduciary responsibilities as decision-makers for plans, want to be sure employees are getting the most appropriate investment choices and paying the lowest possible fees. How can you, as an HR professional with retirement plan responsibilities, make sure a 401(k) plan stays on track?

Have the plan reviewed and audited regularly, experts say—and not just to satisfy the government’s financial reporting requirement. While that mandatory annual report entails a careful look inside the plan, there are other 401(k) reviews that are helpful in their distinct ways.

For example, compliance audits ensure that a plan follows federal legal and regulatory requirements as well as a company’s own plan documents. Operational reviews can reveal administrative and procedural flaws in a plan. Governance audits make sure the employees responsible for a 401(k) understand their roles. Still another type of 401(k) review involves making sure the plan’s investment options are sound and its fees are reasonable.

Although not legally required, these plan reviews can be useful for keeping a 401(k) of any size running on the proper legal and operational tracks—and can help fiduciaries fulfill their central role of always acting in the best interests of plan participants.

Reporting to the Government

Before going the extra mile with reviews that aren’t required by law, make sure you are in step with the mandatory report—Form 5500, which plans must file with the U.S. Department of Labor (DOL). The report, filed after the close of the plan year, is required under the Employee Retirement Income Security Act (ERISA), the 1974 federal law governing private employee benefits plans. Typically, each Form 5500 must include a financial statement audited by an independent, qualified public accountant.

Such audits are conducted to “ensure that there are no prohibited transactions, and that there are proper controls around the accounting of plan financial assets,” says Brian C. Hubbell, a principal in the Charlotte, N.C., office of Findley Davies Inc., an HR and benefits consulting firm.

Among other things, an auditor examines a plan’s assets and balance sheets, makes sure that payments are made and transferred correctly, and ensures that generally accepted accounting principles are followed.

Attorney Mark Bongard, a member of the DOL’s Advisory Council on Employee Welfare and Pension Benefit Plans, says the legally required audits of financial statements can keep plan sponsors out of hot water because the process can uncover defects, problems or issues in plan administration, which then can be corrected or improved. That in turn can go a long way toward keeping a sponsor out of trouble with the DOL, says Bongard, who is senior counsel at Ashland Inc., a transportation construction and chemical company based in Covington, Ky.

The responsibility for making sure auditors conduct such audits thoroughly and on time rests squarely on plan administrators. It’s important to choose an experienced, reliable auditor, as the DOL says, “because an incomplete, inadequate or untimely audit report may result in penalties being assessed against you as the plan’s administrator.” (For more information, see "Rules, Missteps and Penalties".)

Because plan audits haven’t always been up to par, the DOL has been reviewing plans at random. In addition, Hubbell says, the Internal Revenue Service (IRS) has been reviewing 401(k)s, focusing recently on plans with 2,500 or more participants.

Nipping Problems in the Bud

A 401(k) plan fiduciary’s duty to act prudently and solely in the interest of participants takes in a broad range of decisions and actions, including selecting and monitoring investment options, analyzing fees, and notifying employees of their rights. To make sure they’re getting it all correct—and to try to prevent government penalties or participant lawsuits for breaches of fiduciary duty—plan administrators can hire independent outside experts to conduct a compliance audit, a checkup that looks for potential ERISA violations and recommends corrections.

Like preventive maintenance on a car, compliance audits—while not legally required—can find problems early and prevent others from occurring. (For more information, see "Common Trouble Spots for 401(k)s".)

A compliance audit combs through the details of a 401(k)’s policies and processes to see if things are being done correctly, consistently and on time, and if they are documented. For example, are 401(k) loans being made and repaid properly? Are vesting rules being followed? Are beneficiaries designated correctly?

The aim is to make sure those involved in running a 401(k) are following both the law and their company’s own plan documents. As DOL puts it, fiduciaries “must follow the terms of plan documents to the extent that the plan terms are consistent with ERISA.”

The penalty for carelessness in abiding by your own rules can be severe, as Fred Reish, managing director of the Los Angeles law firm Reish, Luftman, Reicher & Cohen, observes: “The failure to follow the plan document is a disqualifying defect [a violation that could cause the plan to lose its qualification for tax benefits] under the Internal Revenue Code and a fiduciary breach under ERISA.”

Mistakes are common. “We’ve never done [an audit] where we didn’t find some issues. It’s just too complex,” says Debbie Powell, senior vice president and national compliance practice leader at the Segal Co., a New York-based benefits consulting firm.

Though some employers perform compliance reviews as a matter of course, usually they’re prompted by a turnover in plan administration, either internal or external, or a merger of two plans, says Terri Vaughn, a vice president and 401(k) consultant at Chicago-based Aon Consulting.

Hubbell says, “What the majority of plans do not do is take a proactive step in initiating audits, but a shift is occurring because of heightened enforcement initiatives by the DOL and IRS.” The DOL closed 4,399 civil investigations in 2004 and 4,253 the previous year. Nearly 70 percent of last year’s cases were closed “with results,” meaning a penalty or a voluntary correction.

It’s easy, especially for small 401(k) sponsors, to neglect compliance audits because time is short or money is scarce, but in fact those can be costly excuses, Reish says. “The truth is, you don’t have time not to do it. If something breaks down and becomes a big problem, that takes so much more time away from your job duties.”

Says Ross Krinsky, senior vice president of retirement consulting at Boston-based Fidelity Human Resources Services: “It’s your responsibility to do things correctly. Just saying, ‘I wasn’t aware’ is not good enough.”

Looking Inside the Structure

Like compliance audits, operational reviews look closely at a 401(k) plan’s processes, but they address administrative rather than legal areas. They search for systemic problems to pinpoint mistakes and inefficiencies and to recommend changes that will help a plan operate more cost-effectively.

“Operation of any of these plans requires a lot of attention to detail,” says Powell. An operational review looks at workflow and technology, for example, to see if in-house benefits managers, third-party administrators and other vendors communicate well. Other areas to consider include enrollment procedures, the performance of 401(k) recordkeepers, employee education and the accuracy of plan communications.

Says Stephen J. Lansing, president of Sentinel Fiduciary Services Inc. in Orlando, Fla.: “There is potential [fiduciary] liability that is not well defined or codified. For instance, on the operational side, periodically plan sponsors should figure out if the recordkeeping is being done in a way that adheres to the plan document.”

Like compliance audits, operational reviews can keep plan sponsors in the government’s good graces. “The IRS would look favorably upon a plan that initiates an audit of its operations,” Hubbell says. “It could lead to a lower penalty” if an instance of noncompliance is discovered.

Reish recommends analyzing participant investment patterns to see if anyone is too heavily invested in cash or stocks, especially company stock. Many “out of balance” accounts could signal a need for more employee financial education or the addition of lifestyle funds, he says.

Shaping And Running a Plan

Two additional ways of examining 401(k) plans focus on authority and expenses.

In light of the DOL’s attention to fiduciary responsibility, some consultants recommend a plan governance audit—a close look at how a plan sponsor delegates and monitors the control and responsibility of running a 401(k). These specialized audits make sure, for instance, that a plan has named a fiduciary—a person responsible for the plan. “Many 401(k) plans are run by the seat of the pants,” without much thought given to formal structure, says Lansing. “If a participant sues you, who’s going to get served? If the answer is, ‘We’re not sure,’ that’s a problem.”

Separately, it’s always a high priority for plan administrators to monitor investment options and service-provider fees. Most large plans review such matters quarterly, but “small to medium-sized plans [of less than $50 million in assets] are somewhat lax in monitoring plan assets,” Hubbell says. An analysis, including a review of an investment policy statement, should be done at least once a year. (For detailed information on this type of plan review, see "Uncovering 401(k) Fees" in the August 2004 issue of HR Magazine.)

How To Get It All Done

With so many aspects of a 401(k) to review, it’s easy for plan administrators to feel overwhelmed. But experts note that companies don’t have to review everything in full every year. Hubbell advises “homing in on areas where you think there might be problems.”

Another practical, affordable approach, Reish says, is to review different aspects of a plan each year so that it all gets done eventually.

Powell says plan sponsors that outsource most or all 401(k) duties should conduct operational reviews about every two years to keep close tabs on service providers, while those with more in-house control should do them every three or four years.

Large companies may have the expertise to review 401(k) plans internally, but plan sponsors usually hire outside consultants who know the law and can benchmark a company’s practices. “You need to have someone who’s independent from all the stakeholders to ensure an unbiased result,” Hubbell says.

Hubbell says reviews by his firm cost $25,000 to $75,000, depending on their scope. Segal charges $15,000 to $45,000 for a compliance audit depending on its depth and $30,000 to $35,000 for an operational review.

Consultants’ reports on their findings often contain recommended changes, which plan sponsors can disregard if they choose. But sponsors’ decisions to not implement consultants’ recommendations should be documented so the sponsor can avoid appearing to ignore problems in a plan, experts say. “What you don’t want,” Powell says, “is a report sitting in your files where someone said, ‘Here’s a problem, you need to fix it,’ and you didn’t do anything.”

Powell also suggests that consultants be retained by plan sponsors’ lawyers in an effort to secure a shield of attorney/client privilege for the results of the review. Reviewing a 401(k) may seem complicated and costly, but for many companies it’s worth it to know a retirement plan is running legally, smoothly and in the best interest of employees.

Carolyn Hirschman is a business writer in Rockville, Md., who specializes in HR and benefits issues.

Web Extras

Common Trouble Spots for 401(k)s

The primary reporting and disclosure requirement for private employee benefits plans is federal Form 5500, an annual filing of actuarial, financial, service-provider and other information.

Exact reporting requirements for 401(k) plans depend on whether they are small plans (fewer than 100 participants at the start of the plan year), large plans (100 or more participants) or direct filing entities (trusts, accounts and other investment arrangements that plans participate in).

The Form 5500 report, submitted to the DOLs Employee Benefits Security Administration (EBSA) and shared with the IRS and the Pension Benefit Guaranty Corp., is due seven months after the plan year ends.

For plan years ending Dec. 31, the deadline is July 31; extensions until Oct. 15 are common. Participants and beneficiaries must get a summary annual report two months later.

Its a lot of work. Its also a costabout $7,000 to $8,000 for a plan with up to 150 participantssays Gary Kronmiller, director of retirement plan services in the Bend, Ore., office of accounting firm Jones & Roth PC.

That cost pales in comparison with the possible penalties that the EBSA can levy on plan administrators who file annual reports late or dont file at allup to a hefty $1,100 per day per plan until the problem is corrected. Incomplete or inaccurate filings invite the same penalty.

The EBSA allows delinquent and inaccurate filers to correct violations with reduced penalties, but that option is not available to plan sponsors that are under investigation or that do not have documented policies and procedures, experts note.  

Rules, Missteps and Penalties

Benefits attorneys and consultants who review 401(k) plans say the most-common problems typically occur in the following areas:

  • The definition of compensation. Benefits are calculated, accrued and paid based on this definition. It may or may not include overtime, commissions and bonuses. Be sure the definition used in practice is the same as the one listed in the plan document. If its not, you could be matching employees contributions with too much or too little money, necessitating a costly correction of every individual participant account.
  • Participant loans. Again, look for administration thats inconsistent with the plan document. Do you follow restrictions​ on eligibility for loans? Do you comply with the IRSs requirement to tax loan balances if payments are missed? Are there any prohibited transactions?
  • Company stock. To avoid class-action lawsuits, many employers have relaxed their requirements by allowing participants to trade into and out of company stock without time restrictions. Theres no legal cap on the percentage of company stock allowed in a 401(k), although caps have been proposed in Congress.
  • Eligibility. Inform newly eligible employees of their chance to enroll in a 401(k) plan. Its permissible to exclude temporary workers, independent contractors and part-time employees, but you must state those exclusions in your plan document. If you dont, you could be violating your own eligibility rules. (Conversely, you may have enrolled someone whos not eligible.)
  • Death benefits. When a participant dies, a plan sponsor must ensure that benefits are paid to the correct beneficiary. If the beneficiary is not the participants spouse, its necessary to have a notarized consent form from the spouse waiving his or her right to benefits. 

Job Finder

Find an HR Job Near You
Post a Job


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect