The final 401(k) regulations limited the ability of the plan sponsor to make a large Qualified Non-Elective Contribution (QNEC) to the lowest paid employee in order to pass the plan’s ADP test. Similar rules apply to QMACs and the ACP testing. Now apparently the IRS is removing default options in specimen volume submitter and prototypes that allow the employer to make contributions for a group of low paid employees to help pass nondiscrimination testing under IRC ยง401(a)(4).

We were given an IRS comment letter sent to a prototype provider on just such a request. We reproduced it here for you:

“The failsafe language may violate the nondiscrimination requirements of 401(a)(4) of the Code and has been excluded from the pre-approved program for this remedial amendment cycle. Any pre-defined class of employees which is limited to non-highly compensated employees with the lowest amount of compensation and/or the shortest periods of service and who may represent the minimum number of these employees necessary to satisfy coverage under 410(b) will not be accepted. Authority for this is found in Rev. Proc. 2005-16, Section 6.”

This change should come as no surprise, as it seems consistent with the IRS’s move to restrict the use of insignificant contributions to pass certain nondiscrimination testing.


2007 Governance initiative
complicates plan audits

“Governance” and responsibilities over the proper administration of a plan will impact plan audits in 2007. A CPA’s audit is generally required to be filed with Form 5500 for plans with more than 100 participants. These audits are prepared under standards established by the Financial Accounting Standards Board and the American Institute of Certified Public Accountants. Many of the audit standards have seen significant revisions that are part of the accounting industry’s response to financial fraud involved in the fall of Enron and other large employers. For example, the Statement on Auditing Standards (SAS) 112 impacts reports CPAs are now required to deliver to those responsible for the plan’s “governance.” That report must identify any deficiencies in the plan’s internal controls discovered during the audit.

“Governance,” as discussed in SAS 112, is reflective of the duties and responsibilities that ERISA imposes on the plan’s sponsor and the plan’s fiduciaries. The report, really a letter, specifically addresses whether the plan has been operated under procedures and controls that assure the proper administration of the plan’s benefits and investments.

All of the new audit rules that first become effective in 2007 and 2008 are changing the way plan sponsors will prepare for the plan’s audit. For many cases the responsibilities of preparing for an audit has been taken for granted. In some cases the only important criteria discussed in the preparation of the audit is how much the CPA will charge. And in the past some CPAs have undertaken these engagements without the experience and knowledge now demanded by the accounting industry and the Department of Labor. Thus, there have been some very deficient audit reports filed with the Department for many plans. But that is no longer the case. The DOL is carefully examining all plans’ audit filings. Where an audit reports contains deficiencies, the CPA who prepared the audit is referred to the CPA’s State Board of Accountancy for enforcement actions.

SAS 112 applies to plans with plan years ending on or after December 31, 2006. The SAS is titled, “Communicating Internal Control Related Matters in an Audit.” It establishes new guidance on communicating deficiencies in the plan’s internal control to the plan sponsor and plan administrator. Most plans operate with few written controls, and the plan sponsor tends to expect the CPA to be a part of its control; and if errors are found, the CPA will fix them. And that is what has happened. Here’s the big change under the SAS: CPAs preparing the financial statements for the plan audit cannot be part of the plan’s internal control. Nor can the plan sponsor rely solely on a third party not affiliated with the CPA to exercise control over the plan’s financial reporting. Where the controls are actually imposed by the third-party administrator, the plan sponsor must demonstrate to the plan’s auditor that it has supervised internal controls over the plan’s financial records and reporting.

If you are wondering what constitutes a plan’s internal control, here’s a brief overview from the SAS. A plan’s internal controls consist of the procedures that those “responsible” for the plan follow in all of the plan’s financial activities. That is, checks for expenses are verified against a third-party bill, and they are recorded properly in the plan’s accounting. Other examples include a procedure confirming that deposits to employee accounts and employer deferrals are reconciled in the right participant accounts, that census files are verified to the employer records, and that benefit payments follow the plan document.

Where a “significant and material weakness” in the plan’s controls is discovered, the auditor is required to provide a letter identifying the weakness to “those charged with governance.” In accounting parlance, “material weakness” is a “significant deficiency that results in more than a remote likelihood that a material misstatement of the financial statement will be prevented or detected.” A “significant deficiency” is a control “deficiency where there is a more than remote likelihood that a [significant] misstatement of the entity’s financial statements will not be prevented or deleted.”

SAS 112 only requires the CPA to deliver the letter to those responsible; that is, the letter is not attached to the audit report field with Form 5500. However, that letter will become a nuisance for plan sponsors who have not taken steps to put in place real internal control over the operation of the plan. Where the employer relies upon the third-party administrator to handle the plan’s administration and reporting, that won’t be enough. If the service provider has a SAS 70 on its internal controls over certain aspects of plan processing, that’s a big plus. Otherwise, the plan CPA will need to get comfortable with a provider’s internal controls. A SAS 70 is a report prepared by a service provider’s auditor on its internal controls. Most plans rely upon these reports to meet their own plan control responsibilities. When the sponsor relies on the service provider’s SAS 70 report, the sponsor will also need to be prepared to demonstrate to the auditor that it has properly supervised those controls.

It is likely that most plan sponsors will receive letters identifying at least one deficiency with instructions on a need to address the deficiency. But, it’s the other parties who will likely get those reports that can cause the most headaches. It is assumed that the DOL will also add the SAS 112 letter to its examination checklist; and, maybe more importantly, it’s only a matter of time before the disgruntled employees and plaintiff lawyers add this to their requested information.