plan auditors what are they thinking?...10/17/2016 1 plan auditors –what are they thinking?...
TRANSCRIPT
10/17/2016
1
PLAN AUDITORS – WHAT ARE THEY THINKING?
CariAnn J. Todd, CPASenior Manager
BeachFleischman, PCTucson, AZ and Phoenix, AZSatellite operations: Dallas, TX and Washington, DC
10/17/2016
2
PLAN AUDITORS – WHAT ARE THEY THINKING?
May 1 – When is the AICPA EBP Audit Guide going to get here?
June 1 – I love EBP audit season, this year is going to be great!
July 1 – Issued my first financial statement, so far so good!
August 1 – Do Sponsors ever read their plan documents, or just sign them?
September 1 – Holy $#!& it’s already September 1st???
October 1 – What time is happy hour?
What is an Audit?
• The objective is for the auditor to express an opinion as to whether the plan’s financial statements are presented fairly, in all material respects, and in conformity with U.S. generally accepted accounting principles (GAAP).
• The auditor plans and performs the audit to obtain reasonable assurance that material misstatements are detected.
10/17/2016
3
What is an Audit?
Potential disconnect …
The tangible result of the audit is the auditor’s
opinion on the financial statements, which
present plan-level data.
The path to the auditor’s opinion weaves its way
through participant-level data and plan compliance.
Phases of an Audit:• Pre-audit / planning
• Understanding internal controls
• Testing operational compliance and account balances
• Financial reporting
Other considerations:• Fiduciary responsibility
10/17/2016
4
Pre-Audit / Planning
Who Is in Charge?
An effective team, with one designated leader:- Sponsor- TPA or Recordkeeper- Trustee/Custodian- Auditor
Pre-Audit / Planning
Leadership of the Process = Audit Efficiency
Audit Efficiency =
• Less time on site
• Fewer delays waiting on information
• Timely completion of the audit
• Reasonable fees
10/17/2016
5
Pre-Audit / Planning
The Document Request Letter
• aka “PBC Letter” – prepared by the auditor
• Comprehensive list of information and documents needed by the auditor
• Each item should be assigned to a responsible party (Sponsor, TPA, Recordkeeper, Trustee, Custodian, etc.)
• Set deadlines for completion
Pre-Audit / Planning
Documents requested – 1st year
Plan Document – signed
Adoption Agreement – signed
Summary Plan Description
IRS Letter (advisory, opinion, etc.)
Contracts with service providers - signed
Participant enrollment package
List of participating employers
10/17/2016
6
Pre-Audit / Planning
Documents requested – Recurring
Plan amendments – signed
Correspondence with IRS or DOL
Meeting minutes for trustees, administrative committee, investment committee, etc.
Fidelity bond
Testing results
Pre-Audit / Planning
Documents requested – Recurring
Census, reconciled to payroll summary
Contributions summary, by pay period
Schedule of receivables
Schedule of investments
Certification (for limited-scope audit)
Schedule of loans
Schedule of payables
10/17/2016
7
Test of Deposits
Pre-Audit / Planning
Documents requested – Recurring
Schedule of distributions
Schedule of fees paid (by plan and by sponsor)
Participant accounts report
Bank statements and reconciliations
SOC1 Report for Service Providers
Actuarial reports
10/17/2016
8
Pre-Audit / Planning
Depending on the Auditor’s Risk Assessment and Audit Approach, pre-audit requests may also include preparation of confirmation letters for …
• Participant data
• Plan receivables
• Investments (in a full scope audit)
• Benefit payments
• Participant loans
Internal Controls
The auditor will consider internal controls for all of the following:
• Sponsor
• Recordkeeper
• TPA
• Custodian / Trustee
10/17/2016
9
Internal Controls
At the Sponsor level, gaining an understanding of internal controls may include:
• Inquiry
• Completion of checklists
• Walkthroughs of significant cycles
• Tests of controls
Internal Controls
• At the Sponsor level, gaining an understanding of internal controls provides the auditor with information necessary to assess risk and determine the extent of testing required for certain attributes.
• Example… the payroll cycle
10/17/2016
10
Internal Controls
• For service providers, gaining an understanding of internal control is most easily gained via review of a SOC1 Report
• In the absence of a SOC1, the auditor will determine procedures necessary to sufficiently understand the controls in place at the service organization
Internal Controls
• For service providers, the existence of internal controls, specifically as provided in a SOC1 report, allow the auditor to reduce, but not eliminate, the extent of substantive audit procedures performed
• Example… paperless transactions: investment elections, benefit payments, loans, etc.
10/17/2016
11
Audit Testing
• Each auditor will have their own audit approach to substantive testing of both compliance with the plan document and of account balances
• Extent of testing is determined by assessment of internal controls, assessment of risks, size of the plan (dollars and/or participant count) and prior audit experience
Audit Testing
Participant-level – generally on a sample
• Eligibility – demographics
• Compensation – in line with definition
• Participant contributions – deferral elections
• Employer contributions – formula/true-up
• Benefit payments – eligibility, amount and vesting
• Loans – eligibility
10/17/2016
12
Audit Testing
Plan-level
• Timeliness of deposits
• Contribution receivables
• Investment valuation
• Investment transactions (full scope)
• Liabilities
• Plan expenses
Financial Reporting
• Auditors’ report
• Financial statements
• Auditor required communications
• Management letter
10/17/2016
13
Financial Reporting
• Auditors’ Report: Limited Scope
– Disclaimer of opinion
– Only applies to investment information (no impact on procedures in other areas); allows auditor to rely on Plan level investment information
– Certification must be issued by a qualified party
• Bank, Trust Company, Thrift, Insurance Carrier regulated or supervised and examined by a federal or state agency
– Not accepted by the SEC
Financial Reporting
• Auditors’ Report: Full Scope
– Audit opinion allowed as engagement not limited under DOL regulations
– Requires the substantive testing of investment securities
• Valuation at plan year end
• Purchase and sale activity during the year
• Earnings on investments
10/17/2016
14
Financial Reporting
Service providers can assist with:
• Fair value information
• Details for contracts with insurance companies
• Plan amendments
• Subsequent events
• Tax status – IRS letter, VCP filings, etc.
• Related party or party-in-interest transactions
Financial Reporting
Service providers can assist with (continued):
• Use and availability of forfeitures
• Changes in actuarial assumptions
• Funding status / funding policy
• Partial or actual plan terminations
• Reconciliation of financial statements to Form 5500
10/17/2016
15
Financial Reporting
Required Auditor Communications – Matters to be communicated:
– Auditor’s responsibility under standards
– Planned scope and timing of the audit
– Significant findings from the audit
• Auditor’s view on qualitative aspects of significant accounting practices– Accounting policies
– Accounting estimates
– Financial statement disclosures
Financial Reporting
Required Auditor Communications – Matters to be communicated (continued):
Significant findings from the audit (con’t).
• Significant difficulties encountered
• Uncorrected misstatements
• Disagreements with management
• Other matters that are significant and relevant to those with oversight of the financial reporting process
10/17/2016
16
Financial Reporting
Required Auditor Communications – Matters to be communicated (continued):
• Corrected misstatements (posted adjustments)
• Representations the auditor requests from management
• Management’s consultation with other accountants
• Other significant correspondence with management
Financial Reporting
Management Letter
• An audit typically does not include tests of internal controls
• Auditors have a responsibility to
– Gain an understanding of the internal control environment in order to effectively plan the audit
• Interviews and questionnaires
• Walkthroughs
– Report identified deficiencies in internal control
10/17/2016
17
Financial Reporting
Management Letter
• Deficiency in internal control when the design or operation does not allow management to prevent, detect or correct a misstatement timely
– Design deficiencies
• Control is missing
• Control not properly designed
– Operation deficiencies
• Control not operated as designed
• Control not performed by appropriate person
Financial Reporting
Management Letter
• Findings categorized as follows:
– Material Weakness
– Significant Deficiency
– Control Deficiency
– Best Practices
10/17/2016
18
Management Letter
35
Material Weakness
• A deficiency or combination of deficiencies in internal control such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected and corrected on a timely basis.
Significant Deficiency
• A deficiency or combination of deficiencies in internal control that is less severe than a material weakness, yet important enough to merit attention.
Management Letter
36
Control Deficiency
• A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis.
Best Practice
• Suggestions for enhancements in internal control based on industry standards or other examples the auditor has witnessed in operation at other clients.
10/17/2016
19
Fiduciary Responsibility
• Generally there are no specific procedures aimed at “testing” whether plan management exhibits the appropriate level of fiduciary responsibility
• The management letter is a good indicator of how well plan management is or isn’t doing in this area
Fiduciary Responsibility
Things we look for:
• Are there minutes? Are they detailed?
• Are service providers monitored?
• Are investment offerings monitored and changed when appropriate?
• Is plan participation considered and encouraged?
• Are signed documents readily available?
• How are management letter comments received? Are the comments addressed timely?
10/17/2016
20
Miscellaneous
• I say po-tay-to, you say po-tah-to
• GAAP requires excess contributions to be recorded as a reduction to current year contributions
• Form 5500 instructions require them to be reported as corrective distributions, line 2f
• Auditor is instructed to add a reconciliation footnote to the financial statements for significant differences between the financial statements and the Form 5500
Miscellaneous
• Short period exception:If the first plan period is a short period of 7 months or less, and an audit is otherwise required, the audit of the short period can be deferred until the second period (the first full year).
• The initial audit will then be a dual period audit, which is more cost effective.
10/17/2016
21
Questions?
Thank you for coming today! Feel free to contact me directly with any follow-up
questions or [email protected]