Browse The Auditing and Attestation (AUD)

DOL and ERISA Requirements

February 7, 2025 12 min read

Comprehensive overview of Department of Labor (DOL) and ERISA Requirements for Employee Benefit Plans (EBP) audits, focusing on Form 5500 filing, fiduciary responsibilities, limited-scope audits, and compliance with regulatory mandates under DOL and ERISA guidelines.

On this page

19.2 DOL and ERISA Requirements

Employee benefit plans (EBPs) in the United States are highly regulated under the Employee Retirement Income Security Act (ERISA) and the Department of Labor (DOL). One of the primary goals of ERISA is to protect the interests of plan participants and their beneficiaries by ensuring that plan fiduciaries uphold their responsibility to manage plan assets prudently. The Department of Labor enforces these requirements, including filing deadlines, audit mandates, and fiduciary obligations.

In this section, we explore the DOL and ERISA requirements that every plan sponsor and auditor should understand, including the annual Form 5500, fiduciary responsibilities, regulations regarding timeliness of contributions, and the conditions that permit “limited-scope audits.” By understanding these requirements, you will be better equipped to plan and conduct audits that comply with federal regulations, safeguard plan participants’ interests, and fulfill your professional responsibilities.

Overview of Key Requirements

The Form 5500 Filing

Most employee benefit plans must file an annual Form 5500 with the DOL and the Internal Revenue Service (IRS). This filing provides key information about the plan, its financial condition, operations, and compliance with related laws and regulations.

• Annual Filing Requirement: Plans meeting certain thresholds (generally those covering at least 100 participants at the beginning of the plan year and other criteria) are typically required to file the Form 5500 each year.
• Small Plan Exemption: Some “small plans” (generally under 100 participants) may be exempt from the audit requirement if they meet specific conditions (e.g., certain funding and bonding requirements).
• Auditor’s Opinion for Large Plans: If a plan does not qualify for the small plan exemption, an independent audit of the plan’s financial statements and certain supplemental schedules is required. The auditor’s opinion must be attached to Form 5500.

Below is a simplified diagram outlining the Form 5500 submission process:

    flowchart LR
	    A[Plan Sponsor] --> B{Prepare Form 5500}
	    B --> C[Include Required Schedules]
	    C --> D[Attach Auditor's Report (if required)]
	    D --> E[File with DOL/IRS]
	    E --> F[Plan Compliance Review & Oversight]

In this process, the plan sponsor gathers information about the plan—such as participant data, contributions, distributions, and plan investments—and works with auditors if an audit is required. Once everything is finalized, the Form 5500 and accompanying auditor’s report (if applicable) are filed electronically using the DOL’s EFAST2 system.

DOL Regulations

DOL regulations aim to protect plan participants by ensuring plan sponsors adhere to fiduciary standards and follow specific rules on timely contributions and accurate reporting. Key areas include:

  1. Timeliness of Contributions
    • Employee deferrals (e.g., 401(k) contributions) must be remitted to the plan’s trust accounts as soon as they can be reasonably segregated from the employer’s assets.
    • Delays in remitting employee contributions can lead to potential violations and may require additional disclosures or corrective action.

  2. Fiduciary Responsibilities
    • Plan sponsors and administrators are considered fiduciaries, meaning they must act solely in the interest of the plan participants and beneficiaries.
    • Fiduciaries must ensure that investments, vendor selections, and benefit payouts serve the participants’ best interests and comply with plan terms.

  3. Limited-Scope Audit Regulations
    • Under ERISA Section 103(a)(3)(C), if a qualified institution (e.g., bank or insurance company) certifies the accuracy of investment information, the auditor’s required testing of those investments can be reduced.
    Caution: Even in a limited-scope audit, auditors still must assess contributions, distributions, participant data, and other plan transactions or controls, ensuring no material misstatements exist outside of the certified investment information.

ERISA Protections

ERISA imposes various requirements to ensure plan assets are properly managed and participants’ benefits are protected:

• Exclusive Benefit Rule: Plan assets must be used solely for the benefit of participants and beneficiaries, not for the employer’s purposes or personal gain.
• Adequate Disclosures: Plans must provide participants with clear information about their investments, account balances, and plan features, often in the form of Summary Plan Descriptions (SPDs) and benefit statements.
• Vesting and Participation Standards: ERISA prescribes minimum standards for vesting (e.g., how quickly participants earn a nonforfeitable right to their benefits) and participation (e.g., eligibility rules).

Auditor Responsibilities in DOL and ERISA Context

Auditors must understand these regulatory requirements to design appropriate audit procedures. For example, when testing compliance with plan contribution rules, auditors may review payroll processing and bank transfers to ensure participant deferrals are remitted reliably and on time. Additionally, the auditor assesses whether sufficient evidence is obtained—either directly or through a qualified institution’s certification—to substantiate investment valuations and earnings.

Some real-world scenarios and considerations include:
• A plan sponsor who unknowingly remits employee deferrals late every payroll cycle may be subject to DOL scrutiny. The auditor’s procedures should detect such delays.
• A custodian’s certified investment information might not eliminate the auditor’s responsibility for verifying the overall completeness and reasonableness of the plan’s financial statements, especially for non-certified assets.
• If auditors detect possible fiduciary breaches, they may be required to communicate these findings to those charged with governance and potentially the DOL, depending on the nature and severity of the issue.

Practical Examples and Case Studies

  1. Late Deposit of Contributions
    • A medium-sized manufacturing company offers a 401(k) plan for employees. Due to the sponsor’s inefficient payroll system, the company frequently takes two to three weeks to deposit employee contributions into the plan trust. During the audit, the auditor discovers these delays, which exceed DOL guidelines. The plan’s management may have to correct these late deposits by making up for lost earnings and potentially alerting the DOL if corrections exceed de minimis thresholds.

  2. Limited-Scope Audit Certification
    • A financial institution holding the plan’s investments issues a certification covering the completeness and accuracy of the investment information. The auditor reduces testing in that area but continues to perform substantive procedures on participant contributions, distributions, loan balances, and other relevant plan transactions. The final financial statements still represent the plan’s entire financial position, and the auditor ensures the certified investments are properly disclosed.

  3. Fiduciary Breach Allegations
    • Employees accuse the plan sponsor of making imprudent investment selections that resulted in high fees and poor performance. The auditor is not responsible for judging the prudence of investments per se but does review the plan’s process for selecting these funds and discloses any potentially material noncompliance. If significant red flags suggest a fiduciary breach, the auditor consults professional standards and potential DOL reporting requirements.

Common Challenges, Best Practices, and Recommendations

• Challenge: Plan sponsors misunderstanding the limited-scope audit.
– Recommendation: Educate clients on the extent of auditor testing needed for non-certified areas and clarify that the auditor still requires sufficient documentation for contributions, distributions, and participant eligibility.

• Challenge: Late or incomplete data for the auditor.
– Recommendation: Encourage plan sponsors to streamline data collection and maintain well-organized records (e.g., payroll, investment statements, and participant data), reducing the risk of delays or audit findings.

• Challenge: Timely deposits of employee deferrals.
– Recommendation: Implement automated payroll systems that promptly segregate and transfer deferrals to the plan trust account. Perform periodic internal reviews to ensure compliance with DOL guidelines.

• Challenge: Fiduciary awareness.
– Recommendation: Provide fiduciary training for plan administrators. Remind them that investments should be monitored regularly for performance, fees, and suitability; keep detailed records of all committee decisions.

Glossary

Form 5500: An annual return/report that employee benefit plans file with the DOL and IRS to disclose financial information, investments, and compliance with ERISA.
Limited-Scope Audit: An audit in which the auditor may rely on a qualified institution’s certification of the plan’s investment information. The auditor must still audit other areas of the financial statements for accuracy and completeness.
Fiduciary Responsibility: The duty of plan administrators to act prudently and solely in the interest of plan participants, overseeing plan assets and ensuring compliance with plan documents and legal requirements.

References and Resources

Official References

• DOL “Employee Benefits Security Administration” (EBSA) Guidelines for Plan Audits
• ERISA Section 103(a)(3)(C) for Limited-Scope Audits

Additional Resources

• “AICPA Plan Advisory: Limited vs. Full-Scope EBP Audits.” This publication helps auditors and plan administrators understand the differences between limited-scope and full-scope audits.
• EBSA Checklists for Plan Sponsors and Auditors: Provides best practices for compliance and thorough documentation.

DOL and ERISA Requirements: Employee Benefit Plans Audit Quiz

### Under ERISA, what is the purpose of the Form 5500 filing requirement? - [x] To provide the DOL and the IRS with information about the plan’s financial condition and compliance. - [ ] To replace the plan’s annual financial statements. - [ ] To authorize the plan sponsor to avoid an audit requirement. - [ ] To report only the amount of participant deferrals. > **Explanation:** The Form 5500 is filed annually to disclose the plan’s financial status, investments, and compliance with ERISA. It does not replace financial statements; rather, it includes them (or a summary) if required. ### Which of the following statements about limited-scope audits is correct? - [x] A qualified institution’s certification of investments can reduce testing on those investments. - [ ] The auditor is not required to perform any testing on participant data. - [ ] The DOL no longer permits limited-scope audits. - [ ] Limited-scope audits require no auditor’s opinion. > **Explanation:** In a limited-scope audit, the auditor can rely on a qualified institution’s certification of investment information but still must audit all other relevant aspects of the plan. ### What happens when employee deferrals are not remitted to the plan’s trust account promptly? - [x] The plan sponsor may be in violation of DOL regulations and subject to corrective actions. - [ ] No specific DOL guidelines exist for employee deferrals. - [ ] The auditor must automatically issue an adverse opinion on the plan’s financial statements. - [ ] Participant accounts do not need to be credited with lost earnings. > **Explanation:** DOL regulations require employee contributions to be deposited into the plan trust as soon as reasonably possible. Delays may result in violations that could require corrective actions, including making up for lost earnings. ### Which best describes an ERISA fiduciary? - [x] An individual or entity acting solely in the interest of plan participants and beneficiaries with prudence and care. - [ ] A third-party administrator only responsible for recordkeeping. - [ ] A person who selects investments based on the sponsor’s personal goals. - [ ] Any individual that prepares Form 5500 or related schedules. > **Explanation:** Fiduciaries have the highest level of responsibility to act in the plan participants’ best interests. They must exercise prudence and abide by ERISA regulations. ### Select all penalties or consequences a plan sponsor might face for noncompliance with DOL regulations: - [x] Civil penalties and potential DOL enforcement actions. - [x] Possible requirement to make up lost earnings to participants. - [ ] Automatic termination of the plan. - [ ] No actions since ERISA does not allow for penalties. > **Explanation:** The DOL can impose penalties for noncompliance, such as late remittances or incomplete filings, requiring sponsors to correct issues and possibly pay monetary fines or lost earnings. ### Which plan would likely be exempt from the requirement of a full audit? - [x] A plan with fewer than 100 participants and meeting “small plan” exemption requirements. - [ ] A large plan covering 1,000 participants. - [ ] A plan that files a Form 5500 but has more than 120 participants. - [ ] No plan is ever exempt from a full audit. > **Explanation:** Plans typically under 100 participants may be exempt if certain conditions are met, commonly referred to as the “small plan” audit exemption. ### Under ERISA, which of the following is most accurate regarding vesting requirements? - [x] ERISA prescribes minimum vesting requirements to ensure participants earn nonforfeitable rights to their benefits. - [ ] ERISA never addresses vesting periods or eligibility standards. - [x] Plans must comply with minimum vesting schedules established by ERISA. - [ ] Vesting schedules are left entirely to the discretion of the plan sponsor without regulation. > **Explanation:** ERISA sets federal standards for maximum vesting periods and eligibility rules, ensuring participants eventually become fully vested in their benefits. ### If a plan’s investment information is certified by a qualified institution under a limited-scope audit, the auditor should: - [x] Rely on the certification but continue auditing contributions, distributions, participant data, and other aspects of the plan. - [ ] Perform no further procedures related to the plan’s financial statements. - [ ] Automatically issue an unqualified opinion with no additional testing. - [ ] Consider the entire plan exempt from financial statement audits. > **Explanation:** The limited-scope certification applies only to the investment information. The auditor must still obtain sufficient evidence regarding other major components of the financial statements. ### Which piece of information must the auditor typically obtain when auditing employee benefit plans subject to ERISA? - [x] A confirmation or detailed record of participant contributions. - [ ] Bank statements belonging solely to the plan sponsor. - [ ] Detailed tax returns of the plan sponsor’s executives. - [ ] Prospective budgets for the next fiscal year. > **Explanation:** Contributions are central to the plan’s operations, and auditors must verify these as part of ensuring the accuracy of the plan’s financial statements. ### ERISA regulations primarily aim to: - [x] Protect plan participants and beneficiaries by regulating plan operations, disclosures, and fiduciary duties. - [ ] Provide tax incentives to the plan sponsor exclusively. - [ ] Instruct auditors on how to perform single audits for federal awards. - [ ] Guarantee a specific minimum investment return for participants. > **Explanation:** ERISA was enacted to protect the rights and interests of plan participants by establishing fiduciary duties, minimum standards, and disclosure requirements.

For Additional Practice and Deeper Preparation

Auditing & Attestation CPA Mock Exams (AUD): Comprehensive Prep
• Tackle full-length mock exams designed to mirror real AUD questions—from risk assessment and ethics to internal control and substantive procedures.
• Refine your exam-day strategies with detailed, step-by-step solutions for every scenario.
• Explore in-depth rationales that reinforce understanding of higher-level concepts, giving you a decisive edge on test day.
• Boost confidence and reduce exam anxiety by building mastery of the wide-ranging AUD blueprint.

Disclaimer: This course is not endorsed by or affiliated with the AICPA, NASBA, or any official CPA Examination authority. All content is created solely for educational and preparatory purposes.

Fuad Efendi
View the page source Edit the page History
Saturday, February 22, 2025
19.1 Types of Employee Benefit Plans
19.3 EBP-Specific Audit Procedures