Employee benefit plan audit checklist: examples, types & how to prepare

Benefit plan audits might not top your list of fun tasks-but staying ahead of them can save you major headaches if the Department of Labor ever comes knocking..

The truth is, most HR professionals and finance teams find benefit plan audits stressful and time-consuming, but they’re a critical part of maintaining compliance and financial integrity. Behind the paperwork and compliance requirements lies something crucial: protecting your employees' financial future and your company's reputation.

Modern benefit plans have evolved far beyond the simple pension schemes of decades past. Right now, we have a long list of benefits like 401(k)s, HSAs, FSAs, and specialized accounts that require proper oversight, not just to check regulatory boxes, but to build the foundation of trust your benefits program depends on.

This article talks about the often-intimidating world of benefit plan audits into practical, manageable steps. We've consulted with compliance experts, veteran HR directors, and auditors themselves to create a roadmap that transforms this necessary process from a dreaded obligation into a strategic advantage for your benefits program. Here’s everything you need to know about preparing for employee benefit plan audits.

Key takeaways

• Employee benefit plan audits verify compliance with ERISA and IRS regulations, ensuring financial integrity and protecting your company and employees.
• There are several types of audits, 403(b), ESOP, and healthcare/wellness plans, each triggered by different organizational and regulatory events.
• Self-audits, thorough document prep, and strong internal controls significantly streamline the audit process and reduce compliance risks.
• Key audit focus areas include participant data accuracy, financial statement reconciliation, compliance testing, internal controls, and fiduciary governance.
• Common findings include late deferrals, incorrect plan operations, insufficient fidelity bonds, missed notices, and delinquent Form 5500 filings, each requiring prompt corrective action.
• Forma simplifies benefit compliance through automation, document centralization, and compliance tools, reducing administrative burdens and helping HR and finance teams stay proactive, not reactive. <span class="text-style-link text-color-blue" fs-mirrorclick-element="trigger" role="button">Schedule a demo today</span>

What is an employee benefit plan audit?

An employee benefit plan audit is a comprehensive examination of a company's employee benefit programs, such as retirement plans, health insurance, and welfare benefits. 

The primary purpose of an audit is to verify that the plans comply with applicable laws and regulations, including the Employee Retirement Income Security Act (ERISA) and Internal Revenue Service (IRS) rules.

Beyond compliance, an audit also assesses the financial integrity of the plans, ensuring that assets are properly safeguarded and transactions are accurately reported. This process involves reviewing plan documents, testing participant data and transactions, and evaluating internal controls and governance practices.

Types of employee benefit plan audits

Understanding the different types of employee benefit plan audits is essential for ensuring compliance, accuracy, and financial transparency. Here’s a breakdown of the most common audit categories and when they apply.

1. 403(b) Plan Audits

These audits apply to retirement plans offered by public schools, non-profits, and certain religious organizations. They are usually required after tax season or when there are concerns about mismanagement. 

For organizations with limited administrative resources, 403(b) audits are essential to verify that both employee and employer contributions are being handled correctly and in compliance with legal requirements.

2. Employee Stock Ownership Plan (ESOP) Audits

ESOP audits assess whether companies offering stock options to employees are doing so fairly and in accordance with plan guidelines. A significant change in employee enrollment may trigger such an audit. 

The goal is to confirm that employees are receiving the correct value and equity in the business, especially if the company is growing or profitable.

3. Healthcare and Wellness Benefit Audits

These audits evaluate the structure and compliance of employer-sponsored healthcare plans and wellness initiatives such as gym stipends, mental health counseling, or preventive care incentives. They often occur in response to legislative changes or rapid company growth that necessitates new healthcare coverage. 

The audits ensure alignment with healthcare laws and that employees are receiving the benefits they are entitled to.

How to prepare for an employee benefit plan audit

Preparing for an employee benefit plan audit involves several key steps to ensure a smooth and thorough review process.

1. Conducting a self-audit

Before a formal audit begins, conducting a self-audit is a proactive way to identify and resolve potential issues in your employee benefit plan. While a self-audit doesn’t replace the external audit required under ERISA or by the IRS, it helps ensure that your records, processes, and internal controls are audit-ready. Start by reviewing plan documents to ensure they align with actual practices. This includes eligibility rules, contribution limits, vesting schedules, and participant communications.

Next, verify that all participant data is accurate and complete, including salary deferrals, employer matches, and loan repayments if applicable. Check for timely remittance of employee contributions, as delays can trigger compliance issues. Review your plan’s financial transactions, administrative procedures, and service provider reports to confirm consistency and accuracy.

Self-audits also provide an opportunity to assess internal controls, identify training needs, and correct errors early. Organizations that conduct self-audits regularly are better positioned for a smooth, efficient external audit with fewer surprises or delays.

2. Compile and review critical plan documents

If you’ve already conducted a self-audit and want to start preparing for the real deal, gathering essential documentation is one of the first tasks in audit preparation. This includes executed copies of the latest plan documents, adoption agreements, and amendments. 

You should also collect summary plan descriptions (SPDs) that outline eligibility, benefits, and claims procedures for participants. IRS determination letters proving the plan's tax-qualified status and service provider contracts detailing fee schedules and service scope are important as well.

Auditors will cross-reference these documents with operational practices to identify discrepancies. For example, if the plan document stipulates immediate eligibility for employees working 1,000 hours annually, the auditor will test payroll records to confirm correct enrollment.

3. Assess internal controls

Effective internal controls prevent errors and fraud. Key controls to document include:

• Contribution remittance processes that ensure employee deferrals and employer contributions are withheld accurately and remitted promptly. Delayed remittances trigger DOL penalties, even if unintentional.
• Participant data management systems that track eligibility, vesting, and distributions, with reconciliations between payroll and plan records.
• Investment oversight mechanisms for monitoring performance, fees, and compliance with stated objectives.

Maintain logs detailing these controls, including sample transactions and exception reports. For instance, a log might document how loan repayments are deducted from payroll and applied to participant accounts.

4. Organize audit support

Designate an audit liaison to serve as the primary point of contact for the auditor. This person should have a comprehensive understanding of the plan's operations and access to necessary records.

Establish a timeline for the audit process, including key milestones such as the initial planning meeting, fieldwork dates, and expected delivery of the audit report. This helps ensure all parties are aligned on expectations and deadlines.

Prepare a document request list based on the auditor's needs. This typically includes items such as:

• Plan financial statements and trustee reports
• Participant census data and payroll records
• Distribution and loan documentation
• Meeting minutes and resolutions related to plan governance

Organizing these materials in advance streamlines the audit process and demonstrates your commitment to transparency and cooperation.

5. Audit findings and corrective actions

During the audit process, auditors may identify issues or deficiencies in the plan's operations. Common findings include late remittance of employee deferrals, missing or incomplete documentation, and errors in participant data or transactions.

When audit findings arise, it's important to work with the auditor to develop a corrective action plan. This may involve updating plan procedures, amending plan documents, or making additional filings with regulatory agencies. In some cases, you may need to make corrective distributions or restore losses to the plan.

Addressing audit findings promptly demonstrates your commitment to maintaining the integrity of the employee benefit plan. It also helps prevent minor issues from escalating into larger problems that could result in penalties or legal action.

Key areas to focus on in an employee benefit plan audit

When it comes to benefit plan audits, there are certain areas that auditors tend to focus on more than others. Here are some areas you should definitely pay attention to.

Participant data and transactions

Auditors will test samples of participant data and transactions to verify accuracy and adherence to plan provisions. This includes reviewing eligibility determinations, contribution calculations, distribution processing, and vesting computations. 

Auditors may also compare payroll records to plan allocations to ensure deferrals and employer contributions are correctly applied.

Financial statement verification

The audit process involves reconciling financial statements with supporting documentation. Auditors will compare trustee reports to the plan's general ledger, confirm investment valuations, and verify the accuracy of contributions receivable. 

They may also test benefit payments and administrative expenses to ensure proper recording and classification.

Compliance testing

Auditors assess the plan's adherence to applicable laws and regulations. This includes reviewing non-discrimination testing results for 401(k) plans, verifying timely remittance of employee contributions, and confirming the distribution of required notices and disclosures to participants. 

Auditors also check that the plan maintains adequate ERISA fidelity bond coverage and has filed Form 5500 accurately and on time.

Internal control assessment

Evaluating internal controls is a critical component of an employee benefit plan audit. Auditors examine processes for enrolling participants, approving distributions, and reconciling accounts. They assess whether there is proper segregation of duties and review approval mechanisms for transactions. Auditors may also test system access controls and backup procedures to ensure data integrity and security.

Fiduciary governance review

Auditors review plan governance practices to verify that fiduciaries are meeting their responsibilities. This includes examining committee meeting minutes, assessing the reasonableness of plan fees through benchmarking studies, and reviewing investment performance monitoring reports. Auditors may also evaluate the process for selecting and monitoring service providers to ensure due diligence and oversight.

Common employee benefit plan audit findings

During an employee benefit plan audit, auditors may uncover various issues that require your attention and corrective action. Addressing these findings promptly helps maintain the integrity of your plan and demonstrates your commitment to compliance. 

Here are seven common audit findings and steps you can take to resolve them.

1. Late remittance of employee deferrals

Late remittance of employee deferrals is a frequent audit finding that can result in penalties and lost earnings for participants. The discovery of late remittances should prompt you to calculate the lost earnings using the Department of Labor's online calculator and deposit the funds into the plan as soon as possible. Your organization should implement controls to ensure future deferrals are remitted within the required timeframe, typically within seven business days of withholding from payroll.

2. Incorrect application of plan provisions

Auditors may find that plan provisions, such as eligibility or vesting rules, have been applied incorrectly. The appropriate response to this finding includes amending the plan document retroactively to align with actual practices or making corrective distributions to affected participants. A thorough review of your plan operations is necessary to identify the root cause of the errors and implement procedural changes to prevent recurrence.

3. Inadequate fidelity bond coverage

ERISA requires plan sponsors to maintain a fidelity bond that protects the plan against fraud or dishonesty by plan officials. Any indication that your bond coverage is insufficient should prompt you to increase the coverage to meet the minimum requirement, which is generally 10% of plan assets or $1,000 per participant, whichever is greater. Regular reviews of your bond coverage should be conducted to ensure it remains adequate as plan assets grow.

4. Missing or untimely participant notices

Failure to provide required participant notices, such as summary plan descriptions or fee disclosures, is another common audit finding. The proper response to missed or delayed notices involves distributing them to participants as soon as possible and documenting the distribution for your auditors. A systematic approach for tracking notice deadlines and a clear assignment of responsibility for timely preparation and distribution should be established by your team.

5. Lack of formal governance policies

Auditors may note the absence of formal governance policies, such as an investment policy statement (IPS) or committee charters. The purpose of an IPS is to outline the plan's investment objectives, selection criteria, and monitoring procedures, while committee charters define the roles and responsibilities of those involved in plan oversight. The adoption of these policies demonstrates prudent fiduciary decision-making and provides a framework for consistent plan governance.

6. Uncashed distribution checks

When participants fail to cash distribution checks, the funds remain in the plan and can create administrative challenges. Auditors will look for evidence of efforts to locate these participants and encourage them to cash their checks. Your team should attempt to contact the participants through various means, such as email, phone, or certified mail. The options for unsuccessful location attempts include remitting the funds to a state unclaimed property program or rolling them into an IRA on the participant's behalf.

7. Delinquent form 5500 filings

Filing Form 5500 late or with incomplete information is a red flag for auditors and can result in DOL penalties. The best approach for delinquent filings involves working with your auditor to prepare and submit the forms as quickly as possible. The DOL's Delinquent Filer Voluntary Compliance Program (DFVCP) may be considered to minimize penalties. A systematic process for gathering Form 5500 data throughout the year should be established to ensure timely and accurate filing going forward.

Closing thoughts - Partnering with Forma for simpler compliance

Forma helps you simplify employee benefit plan management by automating compliance, improving visibility, and reducing administrative overhead. With flexible tools tailored to your workforce, you can stay audit-ready year-round. From managing plan documents and participant data to tracking contributions, expenses, and communications, Forma serves as a centralized hub that ensures your benefit programs operate smoothly and in full compliance with ERISA and IRS standards.

For organizations facing increasing regulatory scrutiny or looking to scale their benefits offerings, Forma reduces complexity by taking the administrative burdens off your shoulders and supports proactive governance. Whether you’re preparing for a mandatory audit or conducting an internal review to optimize performance, Forma’s platform gives you the tools to identify gaps, mitigate risks, and implement improvements before issues arise.

Our solutions are designed to support benefits leaders, HR teams, and finance professionals in making data-driven decisions that align with fiduciary responsibilities and business goals. With Forma, you can demonstrate operational transparency, improve employee experiences, and maintain control over your entire benefits ecosystem, all from a single, intuitive platform.

Let us handle the complexities of your benefits administration. <span class="text-style-link text-color-blue" fs-mirrorclick-element="trigger" role="button">Schedule a demo today</span> today to learn more about how Forma can help your business.

*This document is for informational purposes. Forma is not engaged in the practice of law. Nothing contained herein is intended as tax or legal advice nor to replace tax or legal advice from counsel. If you need tax or legal advice, please consult with counsel or a certified tax professional.