Employee Benefit Plan Audits: The Current State and Future Direction Free

This paper examines the current state of audits of employee benefit plans (EBPs). Recent findings from the Department of Labor (DOL) have called into question the value as well as the quality of these critical audits. Sufficiency of evidence, procedures performed, documentation, and informative financial statement disclosures have been found specifically lacking for audits of employee benefit plans (United States Department of Labor Employee Benefits Security Administration 2015).

As a result, substantial changes have recently been proposed to address auditor performance and reporting requirements in audits of employee benefit plans. The changes will have a profound impact on the form and content of future audit reports. Significantly, whereas the DOL currently accepts disclaimers of opinions from auditors on limited scope audits, in the future auditors will no longer be afforded that option; they will be required to conclude in their report as to whether they have obtained reasonable assurance about whether the Employee Retirement Income Security Act of 1974 (ERISA) plan financial statements are free from material misstatement, whether due to fraud or error, and that the financial statements are fairly presented in accordance with the applicable financial reporting framework.

The audits of employee benefit plans are particularly unique and quite different from company financial statement audits. Benefit plans operate much differently than the day-to-day operations of a company. As such, areas such as participant testing and benefits testing are included in a benefit plan audit but not a company financial statement audit. Also, unique financial statement line items are incorporated into the financial statements of an employee benefit plan that are irrelevant to a company's financial statements. It follows that different factors affect audit quality of employee benefit plan audits than do financial statement audits. Therefore, understanding the uniqueness and responsibilities of employee benefit plan auditors is important for researchers, practitioners, regulators, and standard setters alike in order to investigate and improve audit quality.

This examination is significant because a substantial amount of individual personal assets is involved in employee benefit plans. According to the DOL, in fiscal year 2013, approximately $7.6 trillion in assets resided in retirement plans covered by ERISA for approximately 141 million workers. Common flaws in plans, conflicts of interest, and fraud can cost plan participants dearly (Pleven 2015). Additionally, more than 7,000 audit firms perform audits over a wide range of sizes and types of employee benefit plans. These statistics emphasize the imperativeness for an understanding of the current state of benefit plan audits to ensure quality throughout the audits and public protection of individual assets. Additionally, this investigation is important because there is minimal archival research as well as minimal specific authoritative standards in this area.¹ The archival research that does exist in this area focuses on estimates (e.g., Bauman and Shaw 2014; Hann, Lu, and Subramanyam 2007) and market reaction (e.g., Adams, Frank, and Perry 2011; Picconi 2006; Barth 1991). While a number of descriptive papers investigate employee benefit plan audits (i.e., Germano 2017; Etheridge 2016), limited extant academic literature exists on the audit quality of employee benefit plan audits. The recently proposed standard highlights the need for attention to be paid to these audits.

In this paper, I examine the existing oversight structure and current standards guiding employee benefit plan audits, review current statistics on employee benefit plan audit quality as reported from the DOL, discuss the proposed employee benefit plan audit reporting standard, and summarize with concluding remarks.

Auditors of employee benefit plans must comply with Generally Accepted Audit Standards (GAAS) as well as ERISA and DOL regulatory requirements. The Employee Benefits Security Administration (EBSA) is a department within the DOL designed to protect the integrity of employee benefits. The EBSA holds the responsibility of administering and enforcing Title I of ERISA (The Department of Treasury and the Pension Benefit Guaranty Corporation hold enforcement responsibilities for other portions of ERISA). Title I of ERISA deals with the reporting and disclosure requirements for employee benefit plans, among other things, with the primary objective of protection of plan participants. ERISA holds plan managers to a certain level of conduct, ensures plan funds are protected, and requires plan sponsors to provide plan information to participants, including audited financial statements. Under ERISA, employee benefit plans must file an annual report of their financial condition and operations. This contains a requirement for annual audits of plan financial statements by an independent, qualified public accountant. Generally, plans with 100 or more participants are subject to the audit requirement.

While ERISA requires an audit of plan financial statements and supplemental schedules, the DOL's regulatory authority does not extend to the ability to establish a financial reporting framework for preparing employee benefit plan financial statements. Further, the DOL's authority does not empower it to set auditing standards nor oversee auditors, unlike the congressional powers afforded the Public Company Accounting Oversight Board (PCAOB) with public company audits and the U.S. Government Accountability Office (GAO) with its Yellow Book directives over governmental audits.

Auditors of employee benefit plans must comply with Generally Accepted Accounting Standards (GAAS) to guide the conduct of the audit and ensure that plan financial statements are presented in conformity with generally accepted accounting principles (GAAP). The current standard setter that establishes these requirements is the AICPA's Auditing Standards Board (ASB) for auditing standards and the Professional Ethics Executive Committee for independence and other ethical standards. Many audit standards and statements on audit standards are applicable, although not specific to employee benefit plan audits (e.g., AU-C 730 Required Supplementary Information, AU-C 540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures), but there is no current audit guidance specific to employee benefit plan financial statements. Current reporting guidance for reporting on employee benefit financial statements falls under AU-C Section 700 Forming an Opinion and Reporting on Financial Statements (AICPA 2016) and paragraph .09 of AU-C Section 725 Supplementary Information in Relation to the Financial Statements as a Whole (AICPA 2010).

As noted before, approximately $7.6 trillion in assets are held in retirement plans (United States Department of Labor Employee Benefits Security Administration 2017) with approximately 7,000 audit firms conducting audits of these vital plans (United States Department of Labor Employee Benefits Security Administration 2015). In 2014, the EBSA performed a significant review of employee benefit plan audits covered under ERISA for the 2011 plan year to investigate audit quality. The EBSA reported major audit deficiencies in 39 percent of all ERISA audits for 2011. In fact, the study states that “EBSA estimates that there were 22.5 million participants impacted by audits with one or more GAAS deficiencies” (United States Department of Labor Employee Benefits Security Administration 2015, 1). Additionally, the study finds a positive association between audit quality and the number of employee benefit plan audits an audit firm performs. Further, the study suggests that higher-quality audits are associated with audit firms that have experience in the industry, and that auditors are inconsistent in the procedures performed to reconcile the audited financial statements and the DOL's Form 5500, Annual Return/Report of Employee Benefit Plan, that is filed with the IRS.

The primary deficiencies identified in the study were in the areas of internal controls, contributions, benefit payments, and participant data, which could be the result of a number of factors. For example, training associated with these audits is highly complex (Gillers and Lim 2017). Practitioners without sufficient appropriate training may misunderstand important unique concepts (Tysiac 2015). Lack of experience also appears to play a role, as 75 percent of the employee benefit plan audits that were audited by an audit firm that audits two or fewer benefit plans a year had major deficiencies. Similarly, the lack of specific guidance likely contributes to the deficiencies as well. For example, no official guidance exists for auditors on which procedures should be employed to complete and reconcile the Form 5500.

In response to the concerns highlighted in the DOL study, the ASB formed a special task force to consider a proposal to improve the quality of employee benefit plan audits. Notably, the DOL actively participated in the task force's deliberations and provided insights and recommendations in areas where the DOL believes auditor's performance and reporting can be strengthened. In April 2017, the ASB issued a proposal to adopt a Statement on Auditing Standards (SAS) to codify a new AU-C Section 703, Forming an Opinion and Reporting on the Financial Statements of Employee Benefit Plans Subject to ERISA (AICPA 2017). This proposed SAS would go into effect for plan financial statements ending on or after December 15, 2018. Currently, AU-C Section 700 Forming an Opinion and Reporting on Financial Statements (AICPA 2016) guides reporting on plan financial statements. The newly proposed SAS/AU-C would completely replace AU-C Section 700 for audits of plans subject to ERISA financial statement audits. The motivation behind the newly proposed SAS is to increase audit quality of employee benefit plans (EBPs) through increased transparency from the auditor reporting.

The proposed standard regarding reporting for ERISA-compliant employee benefit plan auditors is intended to “improve the quality of employee benefit plan audits by strengthening the employee benefit plan auditor's report” (AICPA 2017, 4). Following the DOL review, the Chief Accountant of the DOL called for increased audit quality via a new auditor reporting model for ERISA financial statement audits and more transparency for the public regarding management and auditor responsibilities. The new guidance attempts to respond to these specific requisites.

One main topic covered by the proposed guidance is the elimination of disclaimers of opinion on limited scope audits that are currently accepted under DOL regulations. While limited scope audits will still be allowed by the DOL, in the future, explicit procedures and report modifications will be required as outlined in the proposed SAS. Auditors will need to specifically determine if scope limitations are permissible. To do that, auditors will need to closely assess the certification of investment information, which includes reading the certification particularly as it pertains to the investments disclosed by the plan and evaluating the financial institution issuing the certification to ensure they qualify under DOL regulations as a certifying institution. As for report modifications, language in the introductory paragraph will alert the user that a limited scope audit as permitted by ERISA was conducted. The report will also include an entire section discussing the basis for performing a limited scope audit. The requirements of this section include discussion of the DOL's limited scope audit rules under ERISA, a statement of receipt of certification of the qualified institution, and the separate responsibilities of management and the auditor in a limited scope audit.

The ASB's proposed SAS mandates several new auditing procedures for employee benefit plan financial statements. These procedures focus on ensuring that the plan and the transactions of the plan are in line with the underlying plan instrument. Auditors are required to perform specific procedures regarding eligibility, benefit payments, vesting provisions, employer and employee contributions, asset allocation to participant accounts, forfeitures, expenses, prohibited transactions, distributions, and loans. The auditor is to perform procedures to ensure these plan facets are administered in accordance with the plan instrument. Findings from the auditor's procedures should be evaluated for possible effect on the ERISA plan financial statements, and considerations should be made and reported upon with respect to possible internal control deficiencies.

Another portion of the guidance identifies situations in which an emphasis of matter paragraph will be required in the auditor's report. For instance, if minimum funding waivers granted by the IRS are disclosed in the notes to the financials, the new guidance requires an emphasis of matter paragraph be added to the auditor's report. Additionally, significant plan amendments that affect net assets and significant changes to the nature of the plan constitute the requirement for an emphasis of matter paragraph.

Finally, the proposed guidance calls for the auditor to perform specific procedures surrounding the Form 5500. It calls for obtaining the Form 5500 from management prior to the report release date to enable the auditor to read the Form 5500 and identify any material inconsistencies between the Form 5500 and the financial statements. Material inconsistencies could call for revisions to either the financials or the Form 5500 to bring them in line with each other. If correct revisions are not made by management, the auditor must consider appropriately modifying the opinion.

In summary, the proposed guidance responds to concerns brought about by the DOL review of employee benefit plan audits. Through this guidance, which is employee benefit plan specific, a new reporting model will be introduced and more transparency regarding management and auditor responsibilities will be achieved. Ultimately, this proposal aims to increase audit quality for employee benefit plan audits through increased transparency in the auditor reporting, which has been lacking.

Several comment letters were submitted regarding the limitations surrounding this proposed SAS. A common critique among national audit firms was that this SAS extends auditor responsibility beyond what is required by ERISA and the DOL, which they deem unnecessary. In addition, the SAS calls for testing irrespective of the risks of material misstatement, which is counter-intuitive to the audit process in general. Finally, many letters from audit firms noted that while this SAS is a good attempt at improving audit quality through transparency, application is the main problem (i.e., there will still be practitioners who do not adhere to the standard). These critiques highlight the possible limitations of the new proposed standard.

The purpose of this paper is to enlighten researchers and practitioners on the current state of employee benefit plan audits and the likely changes in performance and reporting standards that are intended to increase the quality of these audits. Employee benefit plans are vital components of our economic system and are a critical employment and retirement consideration for many individuals and the organizations that employ them. The audit of an employee benefit plan can pose many challenges, as the transactions and financial statement components are quite different from those of a typical financial statement audit. The DOL review of employee benefit plan audits identified significant problems that exist in this sector regarding audit quality. The recent proposal in the form of a new SAS attempts to provide specific employee benefit plan audit guidance to practitioners and, therefore, increase the quality of these audits.

Prior to the newly proposed SAS, sparse employee benefit plan-specific guidance existed for procedures or reporting requirements. The lack of research and guidance seems surprising given the fact that $7.6 trillion of individual assets reside in these plans (United States Department of Labor Employee Benefits Security Administration 2017). Many organizations including the AICPA, DOL, and the ASB have recognized the importance of the audits of these plans and have taken actions to improve audit quality. However, still more remains to be done. Research should be performed by academics that could provide more insight on the audit quality issues and more specifically isolate the problems. For example, a study surveying EBP audit partners from multiple firm types could provide opinions and suggestions from a real-world setting. Additionally, an archival study analyzing the determinants of EBP audit quality would afford researchers, practitioners, and standard setters valuable insight on what drives audit quality, or lack thereof, in this area. Standard setters and regulators are actively engaged in strengthening audit requirements to improve audit quality. Continued progress toward increased employee benefit audit quality is necessary and achievable through the participation of practitioners, standard setters, regulators, and researchers.