The Employee Retirement Income Security Act of 1974 (ERISA) is a federal law that sets minimum standards for most voluntarily-established pension and health plans in private industry. It is in place to provide protection for individuals who participate in these plans.
As such, small businesses that offer employee benefit plans must be sure that their plans meet the requirements of ERISA. To ensure that the plans do meet ERISA requirements, the Department of Labor's Employee Benefits Security Administration (EBSA) is the agency responsible for making sure that plan audits, which are conducted by CPAs, are properly conducted. And, according to Jeff Hadden, a partner with LHD Benefit Advisors, "It's not a matter of if you're ever going to get audited; it's a matter of when."
However, a May 28 EBSA report, titled "Assessing the Quality of Employee Benefit Plan Audits," suggests that a large percentage of audits that are conducted by the CPAs hired by businesses to conduct the audits have significant deficiencies that are putting a large number of plans and participants at risk, especially those managed by small employers.
Recommended For You
The American Institute of Certified Public Accountants (AICPA) anticipated the EBSA study results. "Poor audit work is a concern to us," said Sue Coffee, senior vice president for public practice and global alliances for AICPA. "It is unacceptable. It is something we take very seriously."
According to the ESBA report, more than 7,300 licensed CPAs nationwide audit more than 81,000 employee benefit plans. EBSA's review found that 61 percent of audits fully complied with professional auditing standards or had only minor deficiencies under professional standards. The remaining 39 percent of audits, though, contained what the ESBA termed as "major deficiencies," which put $653 billion and 22.5 million plan participants and beneficiaries at risk.
The report noted that, "There is a clear link between the number of employee benefit plan audits performed by a CPA and the quality of the audit work performed. Analysis of the data indicates a wide disparity between those CPAs who perform the fewest plan audits and those firms that perform the largest number of plan audits."
In specific, CPAs who performed the most plan audits annually had a deficiency rate of only 12 percent. However, CPAs who performed the fewest number of employee benefit plan audits annually had a whopping 76 percent deficiency rate. And, of course, most small businesses tend to have their audits completed by smaller CPA firms, ones that are likely to do only a small number of such audits each year.
The report added that, "CPA firms that were members of the American Institute of Certified Public Accountants' (AICPA) Employee Benefit Plan Audit Quality Center tended to produce audits that have fewer audit deficiencies."
The report identified 16 categories of possible audit deficiencies. The five most common are: "Internal Controls" (18.3% of audits had deficiencies in this category), "Contributions Received" (8.1%), "Benefit Payments" (7.8%), "Participant Data" (7.8%), and "Planning and Supervision" (7.0%).
In the category of "Internal Controls," the five most common specific problems (identified as "Unacceptable Major Finding"), are: "No/inadequate documentation of internal control environment" (52 instances), "Failure to access/document control risk" (37 instances), "No evidence of SOC1 report review and/or reliance" (37 instances), "No/inadequate evidence of fraud 'brainstorming'" (29 instances), and "Lack of documentation of risk assessment procedures" (27 instances).
"The existing patchwork of regulations and rules needs to be overhauled, and a meaningful enforcement mechanism needs to be created," said Assistant Secretary of Labor for Employee Benefits Security Phyllis C. Borzi. "The department is proposing, among other measures, legislation that will fix these problems." In specific, the report recommends that Congress amend the ERISA definition of "qualified public accountant" to include additional requirements and qualifications necessary to ensure the quality of plan audits. Under the proposal, the Secretary of Labor would be authorized to issue regulations concerning the qualification requirements.
The report also urges Congress to repeal the ERISA "limited scope" audit exemption and give the secretary the authority to define when a "limited scope" audit would be an acceptable substitute for a full audit. "When auditors have to issue a formal and unqualified opinion, they have a powerful incentive to rigorously adhere to professional standards, ensuring that their opinion can withstand scrutiny," said the report. "The 'limited scope' audit exemption undermines this incentive by limiting auditors' obligations to stand behind the plans' financial statements."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
