Best Practices in EBP Audits

EXECUTIVE SUMMARY

The Department of Labor requires employee benefit plan (EBP) audits for employers with more than 100 eligible plan participants and some smaller plans. EBPs include defined-benefit, defined-contribution, 401(k) and ESOP, health and welfare, and vacation and severance plans sponsored by a single company or several employers under common ownership. Multiemployer plans often include their attorneys and actuaries at trustee meetings to help them make decisions. A well-developed pension practice can convert what’s often seen as a so-so CPA service line into a very good business. Another plus is that an EBP audit niche can provide a firm with steady work from as early as March to October. Once launched, EBP practices remain relatively intact because companies don’t like to disrupt those areas. The DOL will continue to monitor these audits, so the niche is here to stay. The keys to developing a successful EBP audit practice are to name a niche champion, train staff thoroughly and stay current on regulatory developments. Set up lines of communication to exchange timely information with the client. Nothing derails a schedule more than finding out late in the engagement that a third party failed to provide required documentation. There’s risk: If auditor error or deficiency occurs, the DOL can levy significant fines and/or report firms to state boards of accountancy and the AICPA professional ethics division. Possible disciplinary actions against responsible parties include sanctions or loss of license. Largely paperless audits are a fact of life. Meetings with administrators and boards of trustees used to be opportunities to build client relations, but the Internet and other technologies are reshaping the profession by reducing face-to-face contact with clients. Michael Hayes is a senior editor on the JofA . Ms. Hayes is an employee of the AICPA and her views, as expressed in this article, do not necessarily reflect the views of the Institute. Official positions are determined through certain specific committee procedures, due process and deliberation.

enefits auditing is something of a sleeping giant,” says Thomas M. Clifford, CPA, a Parente Randolph LLC partner in Philadelphia. “There’s great potential for a firm with a well-developed pension practice to convert what’s often seen as a so-so service line into a multi-million-dollar business that supports several partners full-time.”

Clifford isn’t alone in seeing the opportunity. In this article principals from large and small CPA firms with strong employee benefit plan (EBP) audit practices share niche-building tips.

IT'S A GROWTH AREA
The Department of Labor (DOL) requires all employers with more than 100 eligible benefit plan participants and certain smaller plans to conduct EBP audits. More than 75,000 EBP audits are conducted each year, and the market is good and growing. “National firms preoccupied with Sarbanes-Oxley are shedding lower-margin engagements such as pension plans, or they are pricing jobs so clients go elsewhere,” Clifford says. And because benefit plans are separate entities from the companies offering them, CPAs can audit just the plan even if they don’t audit the company’s financial statements.

EBPs for large and small public and private companies and not-for-profits include defined-benefit, defined-contribution, 401(k) and ESOP, health and welfare, vacation and severance plans (see “ An EBP Glossary ”). They can be sponsored by a single company or several employers under common ownership (multiemployer), and many companies have more than just one plan type.

Multiemployer plans make good clients because they generally have large assets and are responsive to auditor suggestions, says CPA David Evangelista, a partner of Goldstein Lieberman & Company LLC in Englewood Cliffs, N.J. He considers EBP audit work genuinely enjoyable. “We attend board meetings and see how labor and management boards of trustees interact while representing different sides, which is exciting,” he says. “It’s very satisfying when they implement our recommendations.”

RISK AND RESPONSIBILITY
The downside of an EBP audit practice is that Department of Labor regulations create risk. If a firm without sufficient knowledge fails to properly perform the audit, the DOL can assess fines on the plan administrator or sponsor. One plan sponsor recently was fined $800,000. The DOL also has the power to report firms to state boards of accountancy and the AICPA professional ethics division for investigation. Either could result in disciplinary actions against the responsible parties that include sanctions or loss of license.

Another problem is that clients don’t always see EBP audits as important and tend to put them off. Some companies simply want an audit report for the cheapest price and balk at paying more for quality. “Clients who refuse to recognize their responsibilities toward their EBPs are a problem—as are practitioners who ‘lowball’ by charging inadequate fees that foster rushing the job,” says CPA Robert L. Prator of Tarpley & Underwood in Atlanta. “A good audit takes time.”

But performing the audit needs to be cost-effective for the firm, too. Some firms bid and set fees for each engagement year, sometimes for several years, and have to be extra careful about managing the time for the job.

Staffing is an issue, too. “It’s been hard to attract and retain professionals to develop the well-oiled-team approach that is such a competitive strength in this niche,” says Bertha Minnihan, CPA and audit partner at Mohler, Nixon & Williams in Campbell, Calif.

All the firms interviewed here say the keys to developing a successful EBP audit practice are to name a niche champion, to obtain—and impart to staff—very thorough training and to stay current on regulatory developments. For help, the AICPA Employee Benefit Plan Audit Quality Center offers a centralized place to find resources to enhance firms’ audit performance. Its online forum is a place to share EBP best practices and locate the latest information on audit developments (see “ AICPA Resources ”).

BENEFITS OF EXCELLENCE
Another plus is that an EBP niche can provide a firm with steady work from as early as March to October, depending on client extensions. Clients aren’t fickle, either. A company’s human resources, corporate accounting and treasury departments are the most affected during an EBP audit—so once launched, EBP practices remain relatively intact because companies don’t like to disrupt those areas, Clifford says.

Minnihan agrees. “You get to know the HR professionals in your community,” she says. “Do excellent work and they’ll seek you out when they change jobs.”

Here are some practitioners’ tips on how to do just that.

Anita Baker, CPA
Larson, Allen, Weishair & Co., LLP
Scottsdale, Ariz.

W hen Anita Baker joined Larson Allen Weishair in the 1980s, nonspecialist partners performed its EBP audits and the primary resource was the Employee Benefit Plans—AICPA Audit and Accounting Guide. Now the firm employs more than 800 people, and Baker heads a dedicated EBP practice that uses more than 60 auditors between April and October. Auditors get answers from Web sites such as the AICPA Employee Benefit Plan Audit Quality Center, whose executive committee Baker chairs. “Consolidating our group improved audit quality,” she says.

Best practices. The firm gives audit staff two days of in-house training every April before the season begins. It uses templates to organize the audits, ensure quality and consistency and train new staff, Baker says. Also,

Line up channels of information with the plan sponsor and service providers before starting the audit.

Centralize the SAS no. 70 report-review process and use a firmwide checklist to update all audit teams and document information distribution.

Include an experienced principal on the audit team to handle client liaison.

Try to complete the audit at the client’s office; it’s more efficient.

The future. “The DOL will continue to scrutinize the profession’s performance of these audits, so this niche is here to stay.”

Thomas M. Clifford, CPA
Parente Randolph LLC
Philadelphia

T homas M. Clifford heads the EBP audit section of Parente Randolph, which pioneered the practice as a separate service line. His areas of special knowledge include benefit-plan design, legal issues/compliance, recruiting and staffing initiatives, team building and pension/retirement/401(k)/employee stock ownership plans.

Best practices. If you don’t choose to use the AICPA audit guide to draft proprietary workpaper forms and programs to manage the engagement, many products from third-party vendors (such as IAD Solutions or ACL) provide checklists to plan the audit, cover major areas and help organize fraud inquiries. They are easy to update from year to year. Also,

Educate your clients about what their risks and responsibilities are.

Make sure the engagement letter lets clients know what they actually will pay for.

Plan audits that comply with GAAS—and disrupt clients as little as possible.

Give clients quick turnarounds.

The future. “Ever more rigorous audit expectations may make a complex and confusing set of rules even more so, but they will enhance the usefulness of CPAs who audit employee benefit plans.”

David Evangelista, CPA
Goldstein Lieberman & Co. LLC
Englewood Cliffs, N.J.

D avid Evangelista specializes in multiemployer EBP audits. His EBP practice clients include labor unions, other not-for-profit entities and real estate holding companies.

Best practices. “Multiemployer plans often include their attorneys and actuaries at trustee meetings, so their advisers will be available to help them make decisions. We integrate into our audit what we learn at the various board meetings we attend,” Evangelista says.

Proposals specify the firm’s intention to check for compliance, so it can audit important areas that otherwise might be deemed immaterial, including trustee expenses, conferences and meetings and other extraordinary plan expenses.

The future. “EBPs will expect more service, and audit fees will increase as all types of audits expand. Because many health plans are experiencing financial problems from rising medical costs, EBP auditors may be asked to evaluate how the plans operate and to help design new and better plans for future health needs.

“Risk may increase if large defined-benefit plans begin to struggle or fail, especially if the Pension Benefit Guaranty Corp. (PBGC) does not have sufficient assets to meet its obligations. Plan participants likely will become better educated and may depend more on auditors to keep them informed about potential problems. Auditors will have to consider a wider range of participants’ needs and concerns.”

Janice L. Forgue, CPA
Altschuler, Melvoin and Glasser LLP/RSM McGladrey Inc.
Deerfield, Ill.

J anice L. Forgue, who has performed many benefit plan audits throughout her 25-year career, is an Altschuler, Melvoin and Glasser partner as well as an RSM McGladrey managing director since 2005. McGladrey has auditors dedicated to only EBP work, which improves efficiency, Forgue says.

Best practices. To build credibility auditors need to provide first-rate work. To build business they need to get out and meet people. Get involved in state society and AICPA benefit plan groups to do both, she says. Also,

Engage a knowledgeable consultant to thoroughly train firm members in policies and procedures for managing EBP audit engagements.

Network with pension managers and third-party administrators.

The future . “Because DOL oversight makes these engagements high-risk and they have unique audit requirements, it will be hard for firms to justify the costs of doing only a few.”

Bertha Minnihan, CPA
Mohler, Nixon & Williams
Campbell, Calif.

B ertha Minnihan is an audit partner at Mohler, Nixon & Williams, which audits more than 500 EBPs annually. The firm began building its ERISA audit practice in 1980 with three partners and a handful of staff; it now employs 128 people, 48 of whom are involved in performing EBP audits.

Best practices. Make periodic checks to ensure all parties involved in providing information for the audit process are on track. Nothing derails a work schedule more than finding out too late that a third party failed to provide required documentation. Don’t let last-minute issues become the client’s fire to fight. Also,

Stay on top of DOL requirements. The earlier you tell clients about coming changes, the easier they will find it to comply.

Solicit feedback from clients to learn where you can improve.

Develop your audit process from the client’s perspective, not yours.

Perform annual internal inspections to get operational feedback.

Use good peer review reports as a sales tool.

The future. “The scope of fiduciary responsibility is expanding. Both plan sponsors and service providers of 401(k) and other benefit plan audits face more work and need more specialized education. Firms also have to streamline costs while better educating clients about how audits help them.”

Robert L. Prator, CPA
Tarpley & Underwood, PC
Atlanta

R obert L. Prator of 47-person Tarpley & Underwood oversees a seven-member ERISA audit staff. An ERISA audit practice is a specialized area, he notes, and requires an investment in training and practice aids. “Firms should have or plan to have enough ERISA engagements to justify the investment,” he says.

Best practices. It is very important to have someone experienced in ERISA audits lead the niche development. Also,

Design a quality control system for ERISA audits.

When proposing on a new engagement, never simply assume very large third-party administrators have SAS no. 70 reports. Unfortunately, some don’t undergo this optional internal control verification.

The future . “Firms that have treated the practice as a sideline business will realize they need to devote more time and attention to this area or quit performing ERISA audits altogether.”

Diane M. Wasser, CPA
Amper, Politziner & Mattia, PC
Bridgewater, N.J.

W asser is pension services group director for 350-person Amper, Politziner & Mattia, PC. The firm performs defined-benefit and defined-contribution plan audits and related employee-benefit and welfare-benefit consulting for public and private companies. Asked what mistake she’d never make again, Diane Wasser replies: “I consider learning from occasional mistakes an asset. It builds character.”

Best practices. The firm performs a largely paperless audit and has designed several engagement masters, including workpaper forms useful for both full and limited-scope audits. “We tailor the masters to each client and tailor new audit standards, such as SAS no. 99, to EBP audits.” Also,

Provide a timeline that tells clients what you need when.

Alert clients about compliance issues as soon as possible.

Ask recordkeepers for reports and access to databases that will assist in obtaining audit evidence.

Network with lawyers who specialize in ERISA and related benefit plan issues, and keep in touch with other CPAs. Both are great referral sources.

The future . “Once the boom ends, the survivors will be those firms that operate their EBP practices efficiently and offer plan sponsors high-quality audits, reasonable fees and minimal disruption of their daily routines.”

Craig D. Winters, CPA
Daniel A. Winters & Co. CPAs
Chadds Ford, Pa.

C raig D. Winters’s 75-year-old family firm, Daniel A. Winters & Co., has extensive experience in audit, compliance and tax issues related to different types of EBPs; 13 of its 20 staff members perform EBP audits. “This niche already has changed significantly,” Winters says. “Auditors have to address AICPA, PCAOB, SEC and DOL rules including those related to independence.”

Best practices. Assess whether a SAS no. 70 report tests controls and procedures thoroughly enough to reduce testing the service providers. “Waiting until just before the form 5500 filing due date to find out you need to expand the scope of audit testing will result in a strained client relationship at the very least,” Winters says. Also,

Obtain the very best information and never assume anything.

Communicate any issues to clients in a professional manner that facilitates trust and confidence.

The future. “Meetings with administrators and boards of trustees used to be opportunities to build client relations, but the Internet and other technologies are reshaping the profession by reducing face-to-face contact with clients. Now we have virtual meetings and electronic records, and we provide work product electronically. Not having paper-based source records creates difficult audit issues for many small firms.”

SO BOOMERS DON'T GO BUST
In recent years the DOL has significantly stepped up its enforcement of the audit requirement for employee benefit plans, and it has accordingly developed guidance to help administrators select a plan auditor. Among an EBP auditor’s essential qualifications, the importance of experience with these entities really can’t be overstated. Members of the AICPA Employee Benefit Plan Audit Quality Center are committed to learning and disseminating the most current information to provide quality services to their clients. They are on record as having the highest possible standards. A careful watch is essential, with all Americans’ retirement options at stake in the years ahead.