Please update your browser

You're using a version of Internet Explorer that isn't supported by Questia.
To get a better experience, go to one of these sites and get the latest
version of your preferred browser:

A Warning to CPAs on Employee Benefit Plan Audits

Article excerpt

A DOL report on an alarming number of mishandled audits.

What happens if employee benefit plan auditors and administrators fail to recognize these plans' uniqueness and the risks associated with them? They could risk failure to comply with established standards for these plans, as one report illustrates. A Department of Labor review of 1992 plan year audits found many of the plans did not comply with applicable generally accepted auditing standards and Employee Retirement Income Security Act requirements. This article discusses ways CPAs considering or performing such engagements can minimize the risks and steps the DOL and the American Institute of CPAs expect to take to improve the quality of these audits.

UNEVEN COMPLIANCE

The DOL's Pension and Welfare Benefit Administration examined a random sample of 267 employee benefit plan audits for the 1992 plan year. This review was a follow-up to one performed in 1987 by the DOL's Office of the Inspector General and aimed to ascertain the degree of compliance with applicable GAAS and selected ERISA reporting and disclosure requirements. While there has been some improvement in audit quality since 1987, it is clear that much remains to be done to raise the profession's overall performance in these areas to acceptable levels.

According to the DOL, 19% of the 1992 audits reviewed had one or more GAAS violations, down slightly from 23% in the 1987 review, and 33% had one or more ERISA reporting and disclosure violations, down significantly from 66% for 1987. Such exception rates mean there is a significant risk to plan administrators--who can face a $50,000 fine per audit--and for CPAs--who can be subject to disciplinary action by the AICPA and the state boards of accountancy. More important, these high exception rates pose a significant risk to and challenge for the accounting profession and the employee benefits industry since they can erode the level of public confidence in both and prompt increased government regulation.

GAAS VIOLATIONS

The DOL found that 50 (19%) of the plans had one or more GAAS violations, which ran the gamut. (See exhibit 1 on page 56.) Of the 86% that lacked adequate evidential matter, the most common deficiencies were in participant data, prohibited transactions, plan obligations, benefits payments and tax status. Unfortunately, a large number of these violations related to a failure to do or to document any audit work in the above areas. Lack of documentation was particularly prevalent regarding prohibited transactions, tax status, participant data, plan obligations, subsequent events, benefit payments and plan representations. Many of these failures may be due to a misunderstanding or misapplication of the ERISA limited-scope audit exception.

ERISA VIOLATIONS

The DOL found that 88 (33%) of the plans it reviewed had a variety of ERISA reporting and disclosure violations. (See exhibit 2 on page 56.) All of these violations related to application of certain ERISA requirements that apply to the vast majority of employee benefit plan audits.

The review results identified certain problems that resulted in poor audit quality irrespective of firm size, including failure to understand that employee benefit audits differ from other audits, viewing these audits as ancillary to the sponsor's audit, limited experience in performing employee benefit plan audits, engagements fees that don't reflect the applicable audit requirements and related risks and lack of adequate quality control processes and documentation standards.

A surprisingly large number of CPAs still view employee benefit plan audits as low-risk engagements--and many plan administrators see them as necessary evils. While generally there is less risk of financial statement misstatement in connection with such engagements than with many other types, the associated regulatory and business risks are higher. These plans must meet a number of specialized financial, operational and regulatory reporting requirements, and violation of applicable standards can result in substantial fines. …