How DOL filing rules, ERISA fiduciary duties, Form 5500 reporting, and ERISA Section 103(a)(3)(C) elections shape employee benefit plan audits.
Employee benefit plan audits sit at the intersection of GAAS, ERISA, Department of Labor oversight, plan documents, and Form 5500 reporting. The audit is not just a financial statement exercise. It protects participants by testing whether plan assets, contributions, distributions, investments, and required schedules are presented properly and supported by plan records.
For AUD, the most important distinction is that management and plan administrators retain fiduciary responsibility. The auditor reports on the plan financial statements and required supplemental schedules, but management is responsible for the plan, the Form 5500, the financial statements, and any election to use ERISA Section 103(a)(3)(C).
```mermaid
flowchart TD
    A["Plan subject to ERISA"] --> B{"Large plan audit required?"}
    B -- "No or exempt" --> C["Form 5500 filing may still apply, but audit may not be required"]
    B -- "Yes" --> D["Plan administrator prepares financial statements and supplemental schedules"]
    D --> E{"ERISA Section 103(a)(3)(C) election?"}
    E -- "No" --> F["Audit all material plan information under normal EBP audit approach"]
    E -- "Yes" --> G["Evaluate qualified institution certification and audit noncertified information"]
    F --> H["Auditor report attached to Form 5500"]
    G --> H
```
Form 5500 is the annual return/report used by employee benefit plans to report financial, operational, and compliance information to federal agencies and provide public disclosure. Plans generally file electronically through the DOL’s EFAST2 system.
| Requirement | Exam significance |
|---|---|
| Form 5500 filing | The plan administrator reports plan information, schedules, and attachments. |
| Large plan audit | Federal law generally requires plans with 100 or more participants to include an audit as part of the annual filing obligation, subject to detailed rules and exceptions. |
| Small plan exemption | Certain smaller plans may avoid the audit requirement if they meet applicable conditions. |
| Auditor’s report attachment | When an audit is required, the independent qualified public accountant’s report becomes part of the annual filing package. |
| Supplemental schedules | Certain ERISA-required schedules are audited and reported on with the plan financial statements. |
The participant count rule is an exam cue, not a substitute for reading the Form 5500 instructions in practice. For AUD, know that large plans commonly need an audit and small plans may qualify for an exemption.
ERISA imposes fiduciary duties on people who exercise authority or control over plan management, plan assets, administration, or investment decisions. Fiduciaries must act for participants and beneficiaries, not for the sponsor’s convenience.
| Fiduciary duty | What it means for the audit |
|---|---|
| Loyalty | Plan assets must be used for participants and beneficiaries, not for employer operating needs. |
| Prudence | Investment selection, monitoring, service-provider oversight, and administration should be reasonable and documented. |
| Follow plan documents | Operations should match the written plan terms unless those terms conflict with law. |
| Diversification | Investment policy and monitoring may be relevant when plan assets are concentrated. |
| Reasonable expenses | Fees paid from plan assets should be permitted and supported. |
The auditor does not become the plan fiduciary. The auditor evaluates evidence, reports under professional standards, and communicates reportable findings when required.
Employee deferrals are plan assets once they can reasonably be segregated from the employer’s general assets. Late deposits can create prohibited transactions and lost earnings owed to participants.
| Area | Auditor focus |
|---|---|
| Employee deferrals | Trace payroll withholdings to the trust or custodian and test timeliness. |
| Employer contributions | Recalculate matches or profit-sharing contributions under the plan document. |
| Loan repayments | Trace payroll deductions to participant loan records and plan deposits. |
| Eligibility | Test whether eligible employees were admitted and ineligible employees were excluded under plan terms. |
| Vesting | Recalculate service credits and vested percentages. |
A sponsor’s payroll process often drives EBP risk. If payroll records, HR eligibility files, and plan recordkeeper data do not reconcile, participant accounts and financial statements may be misstated.
What used to be called a limited-scope audit is now commonly described under the current auditing standard as an ERISA Section 103(a)(3)(C) audit. The plan administrator may elect this approach when a qualified institution certifies certain investment information as complete and accurate.
| Point | Current audit implication |
|---|---|
| Qualified institution | The certification must come from an eligible bank, insurance carrier, or similar qualified institution. |
| Certified investment information | The auditor performs procedures required for certified information, but the audit does not extend to that certified investment information in the same way as a non-103(a)(3)(C) audit. |
| Noncertified information | Contributions, distributions, participant data, administrative expenses, plan obligations, and other noncertified information remain subject to audit. |
| Management responsibilities | Management must determine that the election is permissible and that the certification is proper. |
| Report model | The report describes the scope and nature of the ERISA Section 103(a)(3)(C) audit and includes the required opinion structure rather than treating the election as a simple audit-scope limitation. |
Do not answer old-style questions by saying the auditor performs no work. The election affects certified investment information; it does not remove the audit of the plan’s other material financial statement areas.
The auditor’s responsibilities in an EBP audit include more than agreeing a few investment statements. The auditor must understand the plan, relevant plan provisions, the reporting framework, and the election made by management.
| Responsibility | What the auditor does |
|---|---|
| Engagement acceptance | Determines whether preconditions for the audit are present, including management responsibilities. |
| Plan provisions | Reads the plan document and amendments to identify eligibility, contribution, vesting, distribution, and loan rules. |
| Risk assessment | Identifies risks in contributions, participant data, investments, benefit payments, and compliance-sensitive areas. |
| Form 5500 awareness | Reads the Form 5500 for material inconsistencies with audited financial statements. |
| Supplemental schedules | Performs required procedures and reports on ERISA-required supplemental schedules. |
| Reportable findings | Communicates significant findings to management and those charged with governance. |
The plan document is a primary audit source. If operations differ from the document, the auditor evaluates whether the financial statements, disclosures, compliance reporting, or required communications are affected.
Use this sequence for DOL and ERISA questions: