Administering a workplace retirement plan requires the effort of many players with different responsibilities, but by far the greatest obligation is the employer's fiduciary duty as the sponsor of the plan. Plan sponsors are sometimes unaware of their responsibilities as fiduciaries, particularly when it comes to selecting and overseeing the plan's service providers. Often, employers will assume a service provider is performing a certain task, only to learn when an issue arises that the task was something that the employers, as the plan sponsor, should have been performing all along.
Let's clarify the roles of the key players in administrating a 401(k) or similar employer-sponsored plan: First, the plan sponsor names an officer or employee of the company as the named fiduciary, also known more commonly as the plan administrator. It is common for the plan administrator to then outsource some tasks to service providers. However, the ultimate responsibility for any outsourced activities remains with the plan sponsor and administrator.
The table below details the duties of the plan sponsor, administrator and participants (yes, they're also key players), and service providers and regulators.
401(k) Plans: Key Players’ Responsibilities
Plan Sponsor (Employer)
Named Fiduciary/Plan Administrator
Auditor (when required)
Establishes the plan and offers it to employees.
Ensures the plan is administered in accordance with plan documents.
Provide the administrator with their personnel information and timely updates to this information.
Safeguards assets of the plan and plan participants.
Provides investment consultation and recommends asset diversification and investment strategy.
Through a full-scope audit, provides assurance that the plan’s financial statements are free from material misstatements.
Department of Labor (DOL): Regulates the plan sponsor’s fiduciary responsibilities and enforces plan-prohibited transactions as defined by the Employee Retirement Income Security Act (ERISA).
Names a fiduciary or plan administrator.
Executes or oversees day-to-day activities of the plan.
Reviews their plan statements.
Allocates earnings and losses to participants appropriately
In a limited-scope audit, provides assurance that the plan's financial statements are presented in compliance with the DOL and ERISA.
IRS: Regulates plan participation, vesting and funding, as defined by ERISA.
Ensures the plan complies with all laws and regulations.
Serves as the plan record keeper.
Certifies balances of plan assets (if applicable).
IRS: Grants acceptability of the plan under internal revenue code, based on plan documents.
Submits timely remittance of employee and employer contributions.
Monitors plan strategy (investment and otherwise).
Selects from among available investment options.
Invests contributions as directed.
Reports plan contributions through employees’ W-2 Forms.
Prepares and issues Form 1099-R to participants as necessary
Prepares annual participant census.
Performs year-end compliance testing.
Prepares, signs and submits annual Form 5500 to the IRS.
Obtains necessary fidelity bonding, if required.
Vetting Service Providers
Plan administrators must ensure that the service providers maintain adequate internal controls—an organization's rules and procedures for maintaining the integrity of financial information and preventing fraud. Proper internal controls will address such concerns as financial reporting, security and information privacy.
To perform this oversight, plan sponsors can check that their service provider has a Service Organization Control (SOC) report, in which an audit firm assesses the service provider's internal controls, and review it. Those with SOC reports are likely more sophisticated organizations that have had their processes and controls adequately scrutinized.
Coordination Among Key Players
The key players must work in concert at times, such as during an annual plan audit, which is generally required for plans with 100 or more participants. If an audit is required, audited plan financial statements are due to the IRS with the submission of Form 5500 by July 31, although this deadline can be extended (through submission of Form 5558) until Oct. 15.
To complete an audit, a certified public accountant (CPA) must collect information from the plan's service providers, who must ensure the information they provide is accurate and can be reconciled with the information provided from other key players. With regard to audits and other reporting and disclosure requirements, failure to coordinate or coordination delays among the key players can lead to compliance failures and penalties.
[SHRM members-only toolkit: Designing and Administering Defined Contribution Retirement Plans]
Changing a Service Provider
When the plan administrator replaces a service provider, the administrator must notify other key players and the successor service provider to discuss what pertinent information should be collected from the departing provider before its service ends. This may include information about participants' accounts or information needed to prepare Form 5500 or the annual plan audit. Once the service of a provider ends, obtaining this information can be difficult.
If a plan changes the custodian of plan assets, for instance, the plan administrator must ensure that the sponsor has completed a reconciliation of the transfer of assets from one custodian to another.
Ultimately, the plan administrator and sponsor must ensure that the service providers are fulfilling their duties.
When selecting new service providers for a plan, consider more than just cost. Select vendors that are reliable, understand what is needed of them and can work well with other plan service providers.
Randall Wilson, CPA, CFE, is audit director at McDirmit Davis LLC in Orlando, Fla., and specializes in the audits of employee benefit plans.