IRS Places High Priority on Retirement Plan Internal Controls

When IRS examiners check under the hood of many retirement plans, they often find internal control deficiencies. The consequences can be severe, even if an IRS audit doesn’t turn up any other problems. The worst-case scenario would be the theft of plan assets, which would be financially damaging to participants and your company, and could also lead to plan disqualification.

Internal Controls and IRS Audits

Many times plan sponsors fall short with their internal controls because of a misunderstanding of their obligations vs. those handled by service providers. The IRS warns that hiring a service provider doesn’t relieve sponsors of their responsibility to keep their plan in compliance.

If the internal controls are inadequate, your plan can become ineligible to use the IRS Self-Correction Program (“SCP”). The SCP allows plans to fix insignificant operational errors at any time and preserve the plan’s tax-favored status without paying any fees.  In order to maintain eligibility to use the SCP, the plan sponsor must have routinely followed established procedures to operate the plan in compliance with the law.

In addition, when an IRS auditor determines that internal controls are weak, the auditor will likely conduct a more detailed audit than would otherwise have occurred. What’s more, if that closer look leads to the discovery of errors, the lack of adequate internal controls weakens your leverage to negotiate a favorable audit closing agreement with the IRS, such as a less-onerous penalty to resolve the case.

Internal Control Categories

The AICPA’s Employee Benefit Plan Audit Quality Center deems internal controls as “a process affected by plan management and other personnel charged with governance, and designed to provide reasonable assurance regarding the achievement of objectives in the reliability of financial reporting. A plan’s policies, procedures, organizational design and physical barriers are all part of the internal controls process.”

The key components of a comprehensive internal control system are as follows:

Segregation of Duties (SoD). This is fundamental to all internal control systems and includes the way your company’s invoices and receivables are processed, paid and accounted for. According to the AICPA, SoD “is based on shared responsibilities of a key process that disperses the critical functions of that process to more than one person or department. Without this separation in key processes, fraud and error risks are far less manageable.” SoD includes asset custody, authorization or approval of transactions, transaction reporting and reconciling, and security of participant data.

Reporting and reconciliation of plan assets, contributions and distributions. This includes ensuring the accuracy of participant benefit statements and asset valuation and the proper bonding of plan assets. Plans must reconcile cash disbursement records and match individual participant records to data reported by the asset custodian. Finally, ensuring the timeliness and accuracy of required regulatory filings and the proper recording of investment transactions, income and expenses.

Oversight of outsourced functions. Review the performance of your service providers against your service agreements and determine the causes of any deviations. In addition, review service providers’ own internal control procedures. Those are compiled in standardized reporting formats under the AICPA’s Service Organization Control (SOC) reports. A SOC 1 report evaluates controls at a service organization relevant to the plan’s internal control over financial reporting, whereas a SOC 2 report addresses controls pertinent to security, processing integrity, privacy and confidentiality.

Keys to Control

When reviewing the internal controls for your plan, make sure you consider the following questions:

  • Is participant enrollment consistent with plan documents?
  • Do contributions satisfy required amounts and are they within regulatory limits?
  • Were employer and employee contributions to employee accounts made on a timely basis?

In addition, the following control procedures should be in place:

  • Review hardship withdrawal requests for compliance with regulatory standards prior to disbursement.
  • Implement and follow a documented process for approving participant loans and ensuring that payments are being made according to amortization schedules.
  • Maintain records of correspondence with participants and former participants and periodically compare signatures on endorsed checks to original signatures on file.
  • Have a system in place to locate former participants with residual account balances who fall off the radar.

It’s Up to You

Effective internal controls and regular reviews of your control procedures can help prevent costly mistakes that can jeopardize your plan’s tax-favored status. Take the time to review and update yours now.

© 2016

Join Our Newsletter

Sign up to receive exclusive newsletters with the latest information affecting you and your organization.

Posted in