401(k) audit season is quickly approaching. Earlier this month, we talked about  “5 Tips to Set You up for Success” with your annual audit. Continuing with a focus on the Retirement Plan audit, Sequoia 401(k) Compliance Manager, Jeffrey Baum, hosted a Fireside Chat with experts on the Plan Audit and Form 5500 filing, covering topics such as when to engage your auditor, COVID-19 impacts, considerations when going through a merger, acquisition or IPO, and available correction programs when an error does come up. 

In addition to the discussion recording below, we’ve prepared answers to common questions our team fields this time of year. Additional references are highlighted within the information below.

Which Retirement Plans need to file a Form 5500? 

Generally, all plans must file a Form 5500. For example, plans must file one of the three versions of Form 5500: 

  • Form 5500 (“Annual Return/Report of Employee Benefit Plan”) for plans with 100 or more participants, 
  • Form 5500-SF (“Short Form Annual Return/Report of Small Employee Benefit Plan”) for one-participant plans and plans with 99 or fewer participants (see 80/120 Rule below), or 
  • Form 5500-EZ (“Annual Return of One-Participant (Owners and their Spouses) Retirement Plan”) for one-participant plans only. 

When is a Plan considered Audit Level? 

For first time filers, a company’s 401(k) plan requires a plan audit when the plan has 100 eligible participants on the first day of the plan year. An eligible participant is anyone who is an employee of the company who meets the requirements of the company’s 401(k) plan. Even if they decide not to participate in the plan, these individuals are still considered eligible participants. Terminated employees who have balances in the 401(k) plan on the first day of the plan year are also included. 

Prior short-form filers, a company’s 401(k) plan becomes audit level if the plan has 121 or more eligible participants on the first day of the plan year, an audit is required. Once an audit has occurred, the 401(k) plan must be audited every year thereafter until the eligible participant count drops below 80. Please refer to the 80/120 Rule question below. 

To learn more, please refer to Plan Readiness & Common Mistakes (PDF)

What is the 80/120 Rule when determine audit level? 

The 80-120 Rule provides an exception for growing businesses. If the plan has between 80 and 120 eligible participant count at the beginning of the plan year, and was considered a small plan filer in the previous year, the plan can continue to file the short form. 

When the eligible participant count exceeds 120, the plan must file a full Form 5500 with an auditors report. If you file the full Form 5500 after employing the 80-120 exception, the plan must continue to file the full Form 5500 – even if your eligible participant count drops below 120 – as long as you have at least 80 participants in your plan. 

To learn more please refer here.

What is a limited-scope Audit? 

Limited-Scope audit allows auditors to perform a full plan year audit on Plan operations and excludes auditing procedures with respect to investment information prepared and certified by a qualified bank or similar institution, or by an insurance carrier  

To learn more, please refer to Limited Scope Primer (PDF)  

When should I look to engage with an Auditor? 

Best practice is to engage your auditor 3-months before the non-extended filing deadline of July 31. 

To learn more, please refer to Plan Sponsor Guidelines Preparing for RFP

What is the Form 5500 Audit deadline? 

Form 5500 along with Financial Statements (Audit Level filing) is due on July 31. However, the Form 5558 can be filed to give the Plan Sponsor an extended deadline to October 15. Please note: Always confirm with your recordkeeper to ensure the extension was filed for the Plan. 

What happens if I missed the Form 5500 filing deadline? 

You can file through the Delinquent Filer Voluntary Compliance Program (DFVCP), as long as you have not received a “Notice of Intent to Assess a Penalty” Letter from the DOL.

What are the top 5 things I should do to help prepare for an audit?

  • Review the census to ensure it is complete, accurate and ties to the W-2 wages.  
  • Ensure that the Non-discrimination testing is complete, and any action items are cleared and documented.  
  • Communicate with your Recordkeeper or Third-Party Administrator (TPA) to ensure that the audit package is being prepared  
  • Review remittances to the Recordkeeper or Third-Party Administrator (TPA) for contributions to ensure that were made timely and none were missed (i.e. reconciles to payroll).  
  • Determine whether all plan amendments and changes are documented, communicated, implemented, and memorialized in the Committee Minutes. 

What are the common Governance responsibilities? 

As a plan sponsor, you should keep an updated Fiduciary File documents which includes current copies of plan documents and disclosures. These include:  

  • Adoption Agreement, Basic Plan Document (BPD), and Plan Sponsor Fee Disclosure (or 408(b)(2) notice)  
  • Vendor and Advisory Service Agreements  
  • Participant Disclosures and Notices (full list of disclosures included on Sequoia’s Compliance Calendar & Fiduciary Checklist)  
  • Retirement Committee Meeting minutes and material  
  • Documentation on any plan corrections  
  • Annual testing, audited plan financials, and Form 5500 
  • Any IRS or DOL communications 

What happens if the auditor does not catch something of regulatory significance? 

It is possible that your auditor may not catch every error – in fact, a plan audit is not designed to discover every possible error.  If an error is later discovered, it should be corrected in accordance with applicable IRS and/or DOL correction procedures.  

What considerations are there when you are changing an auditor? 

Selection of a plan auditor is a fiduciary function under ERISA, so it is important for the plan fiduciary(ies) to carefully document the reasons for switching auditors and the process used to select a new auditor. The Form 5500 also includes a field where you will need to explain the reason(s) for switching.  

To learn more, please refer to Plan Sponsor Guidelines Preparing for RFP

How much does a Volunteer Correction Program (IRS VCP) filing cost? 

In addition to making the Plan whole, the filing fee for a VCP application is based on the amount of plan assets and ranges from $1,500 to $3,500: https://www.irs.gov/retirement-plans/voluntary-correction-program-fees. If you have legal counsel prepare the application and communicate with the IRS on your behalf, there will also be associated legal fees. The costs of preparing and filing a VCP application cannot be paid from plan assets.  

Why is Cybersecurity an important consideration for Plan Sponsors? 

ERISA-covered plans often hold millions of dollars or more in assets and maintain personal data on participants, which can make them tempting targets for cyber-criminals. Responsible plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks. 

The Employee Benefits Security Administration has prepared best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data, and for plan fiduciaries making prudent decisions on the service providers they should hire. 

To learn more, please refer to Cybersecurity Program Best Practices and Online Security Tips. 

Why is it important to document internal and external controls that are in place?  

Most large payroll and custodian processors (sometimes referred to as “Third Party Recordkeepers”) provide a SOC1 (Type 1 or Type 2) report but such reports vary widely as to what services are covered. In addition, some processors issue several reports that cover different locations, services or markets. Plan sponsors may contract with different processors to provide different services. Plan sponsors are expected by the processors to have controls in place to ensure accurate input and submission of data to the processors (complementary user entity controls). The Auditor will identify the complimentary user controls which are applicable for the Plan’s circumstances. The Auditor will request management to indicate what processes are in place to support the control. Dependent on the control, the response may need to come from Finance, Benefits or Payroll. 

To learn more, please refer here.


Kevin Takinen is a 401(k) Advisor for Sequoia where he works closely with our clients to evaluate and recommend retirement plan changes specific to each client’s needs. This includes optimizing plan design, providing investment due diligence, benchmarking, and fiduciary guidance. Outside of work, Kevin enjoys biking with his family, building Lego with his son, and reading a good book.

Jeffrey Baum is the 401(k) Compliance Manager for Sequoia where he consults on retirement plan regulations, monitors pension legislation, and educates colleagues and plan sponsors alike. In his free time, Jeff enjoys camping, outdoor recreation, music, and cooking.

Disclaimer:  

This content is intended for informational purposes only and should not be construed as legal, medical or tax advice. It provides general information and is not intended to encompass all compliance and legal obligations that may be applicable. This information and any questions as to your specific circumstances should be reviewed with your respective legal counsel and/or tax advisor as we do not provide legal or tax advice. Please note that this information may be subject to change based on legislative changes. © 2020 Sequoia Benefits & Insurance Services, LLC. All Rights Reserved  

Pensionmark® Financial Group, LLC (“Pensionmark”) is an investment adviser registered under the Investment Advisers Act of 1940. Pensionmark is affiliated through common ownership with Pensionmark Securities, LLC (member SIPC). Pensionmark Financial Group, LLC/Pensionmark Securities, LLC and Sequoia are non-affiliated entities.