EXECUTIVE
SUMMARY | The Department of
Labor requires employee benefit
plan (EBP) audits for employers with more
than 100 eligible plan participants and
some smaller plans. EBPs include
defined-benefit, defined-contribution,
401(k) and ESOP, health and welfare, and
vacation and severance plans sponsored by
a single company or several employers
under common ownership. Multiemployer
plans often include their attorneys and
actuaries at trustee meetings to help them
make decisions.
A well-developed
pension practice can convert
what’s often seen as a so-so CPA service
line into a very good business. Another
plus is that an EBP audit niche can
provide a firm with steady work from as
early as March to October. Once
launched, EBP practices remain
relatively intact because companies
don’t like to disrupt those areas. The
DOL will continue to monitor these
audits, so the niche is here to stay.
The keys to
developing a successful EBP
audit practice are to name a
niche champion, train staff thoroughly
and stay current on regulatory
developments. Set up lines of
communication to exchange timely
information with the client. Nothing
derails a schedule more than finding out
late in the engagement that a third
party failed to provide required
documentation.
There’s risk: If
auditor error or deficiency occurs,
the DOL can levy significant
fines and/or report firms to state
boards of accountancy and the AICPA
professional ethics division. Possible
disciplinary actions against responsible
parties include sanctions or loss of
license.
Largely paperless
audits are a fact of life.
Meetings with administrators and boards
of trustees used to be opportunities to
build client relations, but the Internet
and other technologies are reshaping the
profession by reducing face-to-face
contact with clients.
Michael Hayes
is a senior editor on the JofA
. Ms. Hayes is an employee of the
AICPA and her views, as expressed in
this article, do not necessarily
reflect the views of the Institute.
Official positions are determined
through certain specific committee
procedures, due process and
deliberation.
|
enefits auditing is
something of a sleeping giant,” says Thomas M.
Clifford, CPA, a Parente Randolph LLC partner in
Philadelphia. “There’s great potential for a firm
with a well-developed pension practice to convert
what’s often seen as a so-so service line into a
multi-million-dollar business that supports
several partners full-time.” Clifford
isn’t alone in seeing the opportunity. In this
article principals from large and small CPA firms
with strong employee benefit plan (EBP) audit
practices share niche-building tips.
IT'S A GROWTH AREA
The Department of Labor (DOL) requires all
employers with more than 100 eligible benefit plan
participants and certain smaller plans to conduct
EBP audits. More than 75,000 EBP audits are
conducted each year, and the market is good and
growing. “National firms preoccupied with
Sarbanes-Oxley are shedding lower-margin
engagements such as pension plans, or they are
pricing jobs so clients go elsewhere,” Clifford
says. And because benefit plans are separate
entities from the companies offering them, CPAs
can audit just the plan even if they don’t audit
the company’s financial statements. EBPs
for large and small public and private companies
and not-for-profits include defined-benefit,
defined-contribution, 401(k) and ESOP, health and
welfare, vacation and severance plans (see “ An EBP Glossary ”). They can be
sponsored by a single company or several employers
under common ownership (multiemployer), and many
companies have more than just one plan type.
Multiemployer plans make good clients because
they generally have large assets and are
responsive to auditor suggestions, says CPA David
Evangelista, a partner of Goldstein Lieberman
& Company LLC in Englewood Cliffs, N.J. He
considers EBP audit work genuinely enjoyable. “We
attend board meetings and see how labor and
management boards of trustees interact while
representing different sides, which is exciting,”
he says. “It’s very satisfying when they implement
our recommendations.”
RISK AND RESPONSIBILITY
The downside of an EBP audit practice is
that Department of Labor regulations create risk.
If a firm without sufficient knowledge fails to
properly perform the audit, the DOL can assess
fines on the plan administrator or sponsor. One
plan sponsor recently was fined $800,000. The DOL
also has the power to report firms to state boards
of accountancy and the AICPA professional ethics
division for investigation. Either could result in
disciplinary actions against the responsible
parties that include sanctions or loss of license.
Another problem is that clients don’t always
see EBP audits as important and tend to put them
off. Some companies simply want an audit report
for the cheapest price and balk at paying more for
quality. “Clients who refuse to recognize their
responsibilities toward their EBPs are a
problem—as are practitioners who ‘lowball’ by
charging inadequate fees that foster rushing the
job,” says CPA Robert L. Prator of Tarpley &
Underwood in Atlanta. “A good audit takes time.”
But performing the audit needs to be
cost-effective for the firm, too. Some firms bid
and set fees for each engagement year, sometimes
for several years, and have to be extra careful
about managing the time for the job.
Staffing is an issue, too. “It’s been hard to
attract and retain professionals to develop the
well-oiled-team approach that is such a
competitive strength in this niche,” says Bertha
Minnihan, CPA and audit partner at Mohler, Nixon
& Williams in Campbell, Calif. All the
firms interviewed here say the keys to developing
a successful EBP audit practice are to name a
niche champion, to obtain—and impart to staff—very
thorough training and to stay current on
regulatory developments. For help, the AICPA
Employee Benefit Plan Audit Quality Center offers
a centralized place to find resources to enhance
firms’ audit performance. Its online forum is a
place to share EBP best practices and locate the
latest information on audit developments (see “ AICPA Resources ”).
| An EBP
Glossary
ERISA : The
Employee Retirement Income
Security Act (ERISA) sets
minimum standards for most
voluntarily established
pension and health plans.
ESOP :
Employee stock ownership plans
are benefit plans that require
a company’s employees to
become owners of its stock.
ESOPs are the only qualified
employee benefit plans that
may borrow money.
Fiduciary : A
person or entity in a
relationship of trust with
respect to the rights,
property or interests of
another. A fiduciary must act
for the benefit of the party
to whom he or she is
responsible to the exclusion
of any contrary interest.
Form 5500 :
Part of ERISA’s annual
reporting requirements and
disclosure framework under
Title I and Title IV and under
the Internal Revenue Code.
Multiemployer plan
: Defined-benefit
plans maintained by two or
more employers under common
ownership and collectively
bargained. Most multiemployer
plans are required to have an
equal number of employer and
union representatives on the
board of trustees. They often
are subject to more rules than
single employer plans are.
Recordkeeper
: A records
management service to track
vital retirement plan
administration transactions,
forms and documents.
SAS no. 70 :
Statement on Auditing
Standards (SAS) No. 70,
Service Organizations,
addresses audit
requirements for service
organizations that are hosts
or processors of data
belonging to their customers.
SAS no. 99 :
Statement on Auditing
Standards No. 99,
Consideration of Fraud
in a Financial Statement
Audit, helps auditors
determine whether financial
statements are free of
material misstatement due to
error or fraud.
Third-party
administrator :
Outsourcing service for
tracking and managing benefit
plans.
| |
BENEFITS OF EXCELLENCE
Another plus is that an EBP niche can
provide a firm with steady work from as early as
March to October, depending on client extensions.
Clients aren’t fickle, either. A company’s human
resources, corporate accounting and treasury
departments are the most affected during an EBP
audit—so once launched, EBP practices remain
relatively intact because companies don’t like to
disrupt those areas, Clifford says.
Minnihan agrees. “You get to know the HR
professionals in your community,” she says. “Do
excellent work and they’ll seek you out when they
change jobs.” Here are some practitioners’
tips on how to do just that.
Anita Baker, CPA Larson, Allen,
Weishair & Co., LLP Scottsdale, Ariz.
W hen Anita Baker joined Larson
Allen Weishair in the 1980s, nonspecialist
partners performed its EBP audits and the primary
resource was the Employee Benefit Plans—AICPA
Audit and Accounting Guide. Now the firm
employs more than 800 people, and Baker heads a
dedicated EBP practice that uses more than 60
auditors between April and October. Auditors get
answers from Web sites such as the AICPA Employee
Benefit Plan Audit Quality Center, whose executive
committee Baker chairs. “Consolidating our group
improved audit quality,” she says.
Best practices. The firm
gives audit staff two days of in-house training
every April before the season begins. It uses
templates to organize the audits, ensure quality
and consistency and train new staff, Baker says.
Also,
Line up channels of information with
the plan sponsor and service providers before
starting the audit.
Centralize the SAS no. 70
report-review process and use a firmwide checklist
to update all audit teams and document information
distribution.
Include an experienced principal on
the audit team to handle client liaison.
Try to complete the audit at the
client’s office; it’s more efficient.
The future. “The DOL will
continue to scrutinize the profession’s
performance of these audits, so this niche is here
to stay.”
Thomas M. Clifford, CPA Parente
Randolph LLC Philadelphia
T homas M. Clifford heads the EBP audit section
of Parente Randolph, which pioneered the practice
as a separate service line. His areas of special
knowledge include benefit-plan design, legal
issues/compliance, recruiting and staffing
initiatives, team building and
pension/retirement/401(k)/employee stock ownership
plans.
Best practices. If you
don’t choose to use the AICPA audit guide to draft
proprietary workpaper forms and programs to manage
the engagement, many products from third-party
vendors (such as IAD Solutions or ACL) provide
checklists to plan the audit, cover major areas
and help organize fraud inquiries. They are easy
to update from year to year. Also,
Educate your clients about what their
risks and responsibilities are.
Make sure the engagement letter lets
clients know what they actually will pay for.
Plan audits that comply with GAAS—and
disrupt clients as little as possible.
Give clients quick turnarounds.
The
future. “Ever more
rigorous audit expectations may make a complex and
confusing set of rules even more so, but they will
enhance the usefulness of CPAs who audit employee
benefit plans.”
David Evangelista, CPA Goldstein
Lieberman & Co. LLC Englewood Cliffs,
N.J. D avid Evangelista
specializes in multiemployer EBP audits. His EBP
practice clients include labor unions, other
not-for-profit entities and real estate holding
companies.
Best practices.
“Multiemployer plans often include
their attorneys and actuaries at trustee meetings,
so their advisers will be available to help them
make decisions. We integrate into our audit what
we learn at the various board meetings we attend,”
Evangelista says. Proposals specify the
firm’s intention to check for compliance, so it
can audit important areas that otherwise might be
deemed immaterial, including trustee expenses,
conferences and meetings and other extraordinary
plan expenses.
The future. “EBPs will
expect more service, and audit fees will increase
as all types of audits expand. Because many health
plans are experiencing financial problems from
rising medical costs, EBP auditors may be asked to
evaluate how the plans operate and to help design
new and better plans for future health needs.
“Risk may increase if large defined-benefit
plans begin to struggle or fail, especially if the
Pension Benefit Guaranty Corp. (PBGC) does not
have sufficient assets to meet its obligations.
Plan participants likely will become better
educated and may depend more on auditors to keep
them informed about potential problems. Auditors
will have to consider a wider range of
participants’ needs and concerns.”
Janice L. Forgue, CPA Altschuler,
Melvoin and Glasser LLP/RSM McGladrey Inc.
Deerfield, Ill. J anice
L. Forgue, who has performed many benefit plan
audits throughout her 25-year career, is an
Altschuler, Melvoin and Glasser partner as well as
an RSM McGladrey managing director since 2005.
McGladrey has auditors dedicated to only EBP work,
which improves efficiency, Forgue says.
Best practices. To build
credibility auditors need to provide first-rate
work. To build business they need to get out and
meet people. Get involved in state society and
AICPA benefit plan groups to do both, she says.
Also,
Engage a knowledgeable consultant to
thoroughly train firm members in policies and
procedures for managing EBP audit engagements.
Network with pension managers and
third-party administrators.
The future . “Because DOL
oversight makes these engagements high-risk and
they have unique audit requirements, it will be
hard for firms to justify the costs of doing only
a few.”
Bertha Minnihan, CPA Mohler, Nixon
& Williams Campbell, Calif.
B ertha Minnihan is an audit
partner at Mohler, Nixon & Williams, which
audits more than 500 EBPs annually. The firm began
building its ERISA audit practice in 1980 with
three partners and a handful of staff; it now
employs 128 people, 48 of whom are involved in
performing EBP audits.
Best practices. Make
periodic checks to ensure all parties involved in
providing information for the audit process are on
track. Nothing derails a work schedule more than
finding out too late that a third party failed to
provide required documentation. Don’t let
last-minute issues become the client’s fire to
fight. Also,
Stay on top of DOL requirements. The
earlier you tell clients about coming changes, the
easier they will find it to comply.
Solicit feedback from clients to
learn where you can improve.
Develop your audit process from the
client’s perspective, not yours.
Perform annual internal inspections
to get operational feedback.
Use good peer review reports as a
sales tool.
The future. “The scope of
fiduciary responsibility is expanding. Both plan
sponsors and service providers of 401(k) and other
benefit plan audits face more work and need more
specialized education. Firms also have to
streamline costs while better educating clients
about how audits help them.”
Robert L. Prator, CPA Tarpley &
Underwood, PC Atlanta R
obert L. Prator of 47-person Tarpley &
Underwood oversees a seven-member ERISA audit
staff. An ERISA audit practice is a specialized
area, he notes, and requires an investment in
training and practice aids. “Firms should have or
plan to have enough ERISA engagements to justify
the investment,” he says.
Best practices. It is very
important to have someone experienced in ERISA
audits lead the niche development. Also,
Design a quality control system for
ERISA audits.
When proposing on a new engagement,
never simply assume very large third-party
administrators have SAS no. 70 reports.
Unfortunately, some don’t undergo this optional
internal control verification.
The
future . “Firms that have
treated the practice as a sideline business will
realize they need to devote more time and
attention to this area or quit performing ERISA
audits altogether.”
Diane M. Wasser, CPA Amper,
Politziner & Mattia, PC Bridgewater,
N.J. W asser is pension
services group director for 350-person Amper,
Politziner & Mattia, PC. The firm performs
defined-benefit and defined-contribution plan
audits and related employee-benefit and
welfare-benefit consulting for public and private
companies. Asked what mistake she’d never make
again, Diane Wasser replies: “I consider learning
from occasional mistakes an asset. It builds
character.”
Best practices. The firm
performs a largely paperless audit and has
designed several engagement masters, including
workpaper forms useful for both full and
limited-scope audits. “We tailor the masters to
each client and tailor new audit standards, such
as SAS no. 99, to EBP audits.” Also,
Provide a timeline that tells clients
what you need when.
Alert clients about compliance issues
as soon as possible.
Ask recordkeepers for reports and
access to databases that will assist in obtaining
audit evidence.
Network with lawyers who specialize
in ERISA and related benefit plan issues, and keep
in touch with other CPAs. Both are great referral
sources.
The
future . “Once the boom
ends, the survivors will be those firms that
operate their EBP practices efficiently and offer
plan sponsors high-quality audits, reasonable fees
and minimal disruption of their daily routines.”
Craig D. Winters, CPA Daniel A.
Winters & Co. CPAs Chadds Ford, Pa.
C raig D. Winters’s 75-year-old
family firm, Daniel A. Winters & Co., has
extensive experience in audit, compliance and tax
issues related to different types of EBPs; 13 of
its 20 staff members perform EBP audits. “This
niche already has changed significantly,” Winters
says. “Auditors have to address AICPA, PCAOB, SEC
and DOL rules including those related to
independence.”
Best practices. Assess
whether a SAS no. 70 report tests controls and
procedures thoroughly enough to reduce testing the
service providers. “Waiting until just before the
form 5500 filing due date to find out you need to
expand the scope of audit testing will result in a
strained client relationship at the very least,”
Winters says. Also,
Obtain the very best information and
never assume anything.
Communicate any issues to clients in
a professional manner that facilitates trust and
confidence.
The
future. “Meetings with
administrators and boards of trustees used to be
opportunities to build client relations, but the
Internet and other technologies are reshaping the
profession by reducing face-to-face contact with
clients. Now we have virtual meetings and
electronic records, and we provide work product
electronically. Not having paper-based source
records creates difficult audit issues for many
small firms.”
SO BOOMERS DON'T GO BUST
In recent years the DOL has significantly
stepped up its enforcement of the audit
requirement for employee benefit plans, and it has
accordingly developed guidance to help
administrators select a plan auditor. Among an EBP
auditor’s essential qualifications, the importance
of experience with these entities really can’t be
overstated. Members of the AICPA Employee Benefit
Plan Audit Quality Center are committed to
learning and disseminating the most current
information to provide quality services to their
clients. They are on record as having the highest
possible standards. A careful watch is essential,
with all Americans’ retirement options at stake in
the years ahead.
|
AICPA
RESOURCES
Conferences
AICPA National
Conference on Employee Benefit
Plans May 8–10, 2006
Marriott Baltimore
Waterfront Baltimore
On the web
AICPA Employee Benefit
Plan Audit Quality Center,
www.aicpa.org/EBPAQC .
This firm-based voluntary
membership center for CPA
firms that audit employee
benefit plans provides access
to comprehensive EBP audit
resources, including e-mail
news alerts, a dedicated Web
site, an online forum, tools
and Web seminars on technical,
legislative and practice
management subjects.
Publications
Audits of
401(k) Plans (#
736138JA).
Employee
Benefit Plans—AICPA Audit
and Accounting Guide (#
012595JA).
Employee
Benefit Plans Audit Risk
Alert (# 022415JA).
For more information, to
register or to place an order,
go to
www.cpa2biz.com or call
the Institute at 888-777-7077.
OTHER RESOURCES
International
Foundation of Employee Benefit
Plans (IFEBP), covers
multiemployer plans and
issues,
www.ifebp.org .
Department of
Labor, Employee Benefits
Security Administration,
www.dol.gov/ebsa . | | |