:: ERISA Plan Audits Scoring A Failing Grade

irst, the bad news: Three out of every 10 employee benefit plan audits in Maryland fail to meet minimum requirements for professional standards, according to the Department of Labor. That means more than $38 billion in Maryland plan assets are currently at risk due to deficient audits. . . . Maryland isn’t alone. Deficiency rates for the country as a whole are nearly as high. And thanks to a rule that will soon require 403(b) plans to be audited just as 401(k)s are today, the number of audits being done will soon rise by up to 10 percent, and DOL officials worry the number of deficient audits will rise with them.

Bill Sheridan, “ERISA audit deficiencies raise concerns” CPA Success Blog (May 20, 2008)

As part of its stated goal of providing benefits security, ERISA requires that an independent qualified public accountant (IQPA) perform an annual plan audit and that the accountant’s report be included as part of the plan’s annual report filed with the Department of Labor. Recent assessments have suggested deficiencies in the accomplishment of that objective.

The CPA Success blog provides a number of resources aimed at improving this state of affairs, but the substantial compliance gap is disconcerting. As to what constitutes a “deficient” audit, Bill Sheridan notes that Department of Labor Chief Accountant Ian Dingwall defines a deficient audit as one that is not done in accordance with generally accepted auditing standards: “These are the standards that are written by the accounting profession itself.”

Personally, it has long been my opinion that the plan audit, even when successfully accomplished by accounting standards, may still not do all that is needed. One only has to turn to the financial press to accumulate multiple examples of abuses that evidently went undetected by plan audits.

Take, for example, the cases involving insurance brokers and consultants steering clients in exchange for “contingent compensation”. These practices went on for years undetected by audit. In fact, come to think of it, are there any instances of a significant plan abuse that was detected through a plan audit?

The plan audit’s focus on internal financial accounting seems to fall short on evaluating reasonable compensation to the degree necessary to reach questions of service provider conflicts of interest. They could be designed to do so, and likely will be influenced in that direction by recent events, but I believe there will always be inherent limitations.

Conflict of interest due diligence requires searching questions into relationships that are, for some at least, unpleasant to ask at times. Avoiding the risk of litigation or regulatory difficulties nonetheless requires evaluation of such issues if the fiduciary hopes to attain the comfort of assurance that audits are intended to confer.

Note: For additional resources on conflict of interest due diligence, see the DOL guidance provided here and the list of service provider questions provided on the Due Diligence page.