Generally, the odds of receiving notice from the IRS or Department of Labor (DOL) that they plan to audit your retirement plan are slim. But if you’ve never considered the consequences of an audit, and that improbable event occurs, the chances that you’d emerge unscathed are even slimmer. Knowing what’s involved can enable you to stay on top of your legal and regulatory obligations and help you sail through an audit.

IRS vs. DOL audit

The IRS and the DOL have different areas of authority in policing retirement plans. In general, the DOL focuses on fiduciary breaches and “prohibited transactions” spelled out in ERISA. Generally, an audit may be triggered by a participant complaint, information provided on the annual Form 5500, or a participant inquiry to either agency regarding plan operation. The DOL can penalize and, in extreme cases, through the court system, jail offending fiduciaries.

The IRS, on the other hand, focuses on tax code violations. In a worst-case scenario, the IRS can “disqualify” a retirement plan, causing it to lose all tax benefits. The sponsor could be required to pay taxes on funds contributed to the retirement plan and investment earnings on plan assets, plus penalties and excise taxes.

Inviting an audit

Sometimes the agencies simply send out questionnaires to plan sponsors in their effort to determine plan administration areas worthy of focus by auditors. “Failure to respond to an IRS questionnaire is comparable to sending the IRS an invitation to audit your plan,” according to one ERISA attorney.

If the agency decides to audit your plan, you’ll receive a detailed “information request” from the agency. Here’s a nonexhaustive list of documents the agency may ask you to supply:

  • Plan documents, summary plan descriptions (SPDs) and summary annual reports,
  • Your plan’s investment policy statement, minutes of plan trustee and investment committee meetings, and a list of the trust’s receipts and disbursements,
  • A corporate organizational chart and board meeting minutes,
  • Service agreements and engagement letters with plan vendors,
  • A roster of parties-in-interest,
  • Participant statements,
  • Fee disclosure statements, and
  • Documentation of any fiduciary training the fiduciaries may have received.

If you need more time to gather the information, it’s imperative that you contact the agency and request an extension. Such an extension is common and generally provides for an additional 30 days to reply to the request for information.

After receiving the requested documents, the auditing agency might ask for more. Given that prospect, it might be tempting to just throw every scrap of paper pertinent to your plan into a box and ship it off, just to be sure you’ve covered all your bases.

Don’t give in to that temptation; send only what has been requested. Otherwise you might inadvertently give the IRS or DOL reason to examine an area that hadn’t been targeted.

Looking for errors

Common mistakes include failures to administer plan loans properly or enroll new participants on time. You may fail to adjust deferral and matching amounts following a change in a participant’s pay or neglect to make required efforts to track down “lost” participants who have vested benefits in your plan.

Auditors’ reviews often result in detection of an “operational error.” For example, your plan document might stipulate a 50% match on the first 6% of participant deferrals, but you have inadvertently only been matching the first 5%. Or you might be calculating matching contributions based on employees’ salary or base wages alone, but neglecting to include bonus income.

Given the complexity of administering even a safe harbor plan with limited bells and whistles, the potential for operational error is high. You might believe you’re administering your plan properly today, but it’s better to be safe than sorry. Even if you never face an audit, a participant may raise concerns of an operational error. The best way to head that off at the pass is to conduct an operational self-audit.

Getting it right

There’s no guarantee you’ll get it all right once and for all. For that reason, you might look into liability insurance that’s designed to make your plan “whole” again if you run into expensive trouble. The bottom line: Don’t wait until you receive an audit notification — it may be too late to clean up any messes that could get you into trouble.

Conducting Your Own Audit

It may be helpful to conduct an in-house operational self-audit from time to time. Start this by reading your plan document and summary plan description carefully. Then devise a set of questions about how certain tasks are being carried out, and/or sample participant records for compliance.

With that list in hand, interview the people administering your plan and look for any inconsistencies with your plan document. If you find any, it might not be sufficient just to correct them going forward. You might need to make adjustments retroactively to protect yourself and fulfill your fiduciary duties.

In addition to fixing any errors, determine the cause of any errors and take steps to minimize the possibility that they’ll occur again. Such steps can involve training and creating a training manual.

While you might be able to conduct this type of internal audit on your own, it’s best to hire a compliance consultant or ERISA attorney. They’ll review your self-audit thoroughly and objectively.


Headshot of Jenise Gaskin.

Related Insights