The New Audit Rule (And More) With Mark Blackburn
If you haven’t already heard, retirement plan audit rules have recently been updated and it could affect your plan depending on how many participants you have. I pulled in Mark Blackburn of accounting firm LBMC to shed some light on the new rules, how SECURE 2.0 will affect the auditor industry, and more.
Changes To The Retirement Plan Audit Rule
Retirement plans are required to undergo a plan audit if they are of a certain size. If they’re a Large Plan filer for the 5500, they also need an audit from a qualified accounting firm. Small Plan filers do not. The small versus large filer limit used to be between 80-120 participants. Over 120 = large plan + audit, below 80 = small plan. (The 80-120 is where there was leeway. More on that in a moment.)
Now the change: The definition of “participant” is where the rule change has been applied. This won’t affect 2022 audits, but it will impact 2023 audits and beyond.
For 2022, a “participant” is defined as those participants with an account balance, as well as eligible employees who are not participating in the plan. 40 employees with an account balance and 100 employees eligible but not participating = 140 and required an audit. (This blog post gives more info on the old rule.)
For 2023, the definition of a “participant” includes ONLY those with an account balance. Using the example above, this drops the participant count down to 40 and back into small plan filer status.
This means that the number of participants is lower under the new definition. According to the DOL, this means that about 19,000-20,000 fewer plans will need to be audited for 2023. Any plan sponsor with less than 100 participants under the new definition as of January 1, 2023 won’t have to have an audit for the 2023 plan year.
Mark states that if you have less than 80 participants, you’re automatically a small plan; if you have less than 100 participants, you’re a small plan for all intents and purposes, but if you filed as a large plan previously, you can elect to file as a large plan again. The reality is, though, that most people would prefer not to go through the audit if they don’t have to (and Mark has learned to deal with that fact).
If you’re between 100-120 participants, and you’ve never been audited before, you have to go over 120 for the initial audit to be required. If you were not audited as a small plan the prior year, you can elect to not have the audit if you’re between 100-120. 120 is really the trigger point for that initial audit requirement, and then moving forward it depends on how many participants you have and what happened the prior year.
If you’re hovering in that 80-120 range of participants, talk with your advisor or recordkeeper – it’s possible you may have a lot of terminated participants with small account balances that may be subject to force-out rules. (SECURE 2.0 has changed the force-out rules, increasing it from $5000 to $7000.)
SECURE 2.0 & Auditing
Mark states that there was a lot of concern in the auditor community that the new law would make the audit requirement less strict. However, SECURE 2.0, does contain provisions in it that may cause those participant balance numbers to go up:
Long-term part-time employees will soon be able to participate in retirement plans
New plans started in 2023 or later will be required to have auto-enrollment in place by 2025
Both of these provisions will increase the number of participants in plans, which means it may just be a short reprieve from the audit, depending on the characteristics of your plan.
Audits: A Necessary But Useful Evil
No one loves the audit (except maybe the auditor), but they’re needed in order to ferret out errors and ultimately protect employee accounts. Mark starts with the adoption agreement for the plan document, then moves on to eligibility, vesting calculations, definition of compensation, timely remittance, etc. One concern is, if these things aren’t being looked at in the audit, is anybody looking at them? Best practices are to internally audit these definitions within your payroll system and check remittance.
Auditors may not catch all of the errors you’re making with your plan with their sample size, but they can catch quite a lot, so that the errors can be corrected before they snowball. Nobody wants to get a letter pointing out all the mistakes you’ve made with your plan, but if you know it’s coming as part of the audit, companies should use it to take a closer look at your plan operations to see how you can improve.
Changes To The Audit Opinion Letter
The audit opinion letter changed last year. It used to be that when you read the disclaimer of opinion, it sounded like the auditor really didn’t do much work. Now with the new opinion, it’s an actual audit opinion and the language better describes the audit process. If you didn’t notice a change to your opinion letter this year, you may need a new auditor (and you may be getting some correspondence from the DOL, as well).
A Word About Cybersecurity
Cybersecurity is becoming more of an issue as people have more access to information electronically. It’s been said that bank robbers go to where the money is – in the bank, and it’s no different with retirement plans as employees accumulate higher balances for their retirement. It’s important for plan sponsors to have a review process in place, and to stay alert. DOL has released cybersecurity tips aimed at both plan sponsors and employees, and recordkeepers are offering services like “dark web” monitoring. Auditors generally aren’t technology experts, so it’s up to you as the plan sponsor to monitor that aspect of your plan. You can find more cybersecurity tips here.
If you need a new auditor, or just want to talk about plans in general, you can reach Mark here.
Your retirement plan advisor should be helping you stay on top of participant count so if that hasn’t been a service you have been supported on and you’d like to discuss our services and how we help plan sponsors, contact us.