Did you know that if an auditor detects discrepancies or deficiencies while performing an employee benefit plan audit, the auditor will communicate these to the plan sponsor in a management letter included with the audit? Management letters detail internal control-related problems or the failure of plan sponsors to fulfill their fiduciary duties. It’s important to address any items listed in the management letter promptly. Otherwise, errors could magnify and become more problematic and costly in the long run.
ERISA defines a fiduciary as a person who performs one of the following duties:
- Exercises discretionary authority or control over the management of an employee benefit plan or the disposition of the plan’s assets
- Advises on plan funds or property for a fee or compensation, or has the authority to do so
- Has discretionary authority or responsibility in plan administration
- Is designated by a named fiduciary to carry out fiduciary responsibility
According to the ERISA Prudent Person/Exclusive Benefit Rule, fiduciaries are required to “discharge their duties solely in the interest of plan participants and beneficiaries and for the exclusive purpose of providing benefits for them while defraying reasonable plan administrative expenses.”
More specifically, fiduciaries must perform their duties with the “care, skill, prudence, and diligence of a prudent person under the circumstances.” Duties must also be performed “in accordance with the plan documents and instruments” and fiduciaries must diversify plan investments “so as to minimize risk of loss under the circumstances.”
While ERISA doesn’t specify a degree of concentration that would violate the diversification requirement, it does state that fiduciaries should consider a few specific factors when making investment decisions:
- The portfolio’s composition with respect to diversification
- The portfolio’s liquidity and current return relative to the plan’s anticipated cash flow requirements
- The risk of loss associated with plan investments
- The projected return of the portfolio relative to the plan’s funding objectives
Among the most common fiduciary duties of employee benefit plan sponsors are to review and reconcile plan statements, conduct investment team meetings, remit employee deposits on a timely basis, review plan investment options and performance, send required annual disclosures to plan participants, and follow the plan documents.
Some plan sponsors hire third-party administrators (TPAs) to perform some of these duties, such as sending out annual disclosures. However, it remains the sponsor’s fiduciary duty to ensure that disclosures are sent on time.
Internal Control-Related Matters
Auditors are required to communicate to plan sponsors certain internal control deficiencies that are identified during an audit. These exist when the design or operation of a control does not allow management or employees to prevent, or detect and correct, misstatements on a timely basis. Internal control deficiencies can be categorized as one of the following:
Material Weakness – This is a deficiency, or combination of deficiencies, in internal control in which there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
Significant Deficiency – This is a deficiency, or a combination of deficiencies, that is less severe than a material weakness but important enough to merit attention by those charged with plan governance.
Internal control deficiencies can be deficiencies in design or operation. A deficiency in design exists when a control necessary to meet the control objectives is missing or an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met.
Meanwhile, a deficiency in operation exists when a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or competence to perform the control effectively.
Streamline Plan Audits
Carefully reviewing the management letter can yield additional benefits beyond addressing fiduciary- and internal control-related matters. Management letters often contain guidance and suggestions for improving plan policies and procedures and boosting efficiency.
For example, by reconciling employee deposits on a monthly or quarterly basis, you might be able to identify and correct errors before they’re spotted by the auditor. This can streamline the audit and potentially reduce audit costs.
Have questions about audit management letters? We Can Help.
Holtzman’s team of Audit & Assurance professionals can help meet your employee benefit plan’s annual audit and filing requirements and work to protect the plan’s integrity. We are an AICPA Employee Benefit Plan Audit Quality Center Member that audits 100+ plans representing over 160,000 participants and plan assets over $4.3 billion. Our goal is to provide value throughout the employee benefit plan process, help identify risk areas, and put best practices into place to support your business. Learn about our full suite of employee benefit plan services and get in touch today!