Under scrutiny: are pension plans being audited properly?

California CPA, March-April, 2004 by Alex Miller

Listen up. An individual's retirement is sacred. Remember the uproar when it became clear that most Enron employees' retirement had been wiped out? Our profession provides the public with a sense of security about their retirement.

[ILLUSTRATION OMITTED]

Generally, all pension plans with 100 or more eligible participants require an annual audit by a qualified CPA firm. In turn, firms, corporations and trust funds should be hiring qualified consultants, actuaries, attorneys and administrators to oversee these pension plans--and CPA firms to audit them.

A few years ago, the Office of the Chief Accountant-Employee Benefits Security Administration of the U.S. Department of Labor reviewed of a sample of plans that filed Form 5500 with an attached audit report for the year ended Dec. 31, 1992. The DOL found a 19 percent error rate, indicating that auditors failed to comply with one or more of the established professional standards.

The DOL has performed another review of employee benefit plans for the year ended Dec. 31, 2000, and even though the results are not final, it appears that there is not a marked improvement.

Employee benefit plan audits must be performed in accordance with professional standards and guidance and cover the full scope of audit procedures, not just an audit of the investment assets.

This article highlights important procedures related to audits of defined contribution plans, although many of the steps also would be applicable to defined benefit plan audits.

PLANNING AND THE PENSION AUDIT

During the planning phase of an employee benefit plan audit, the auditor normally should request the following information from the plan's administrator:

1) Access to the employee's census data for the plan year, including date of hire, termination date, hours worked, employee contribution and employer matching (if it applies). birth date and compensation.

2) A cumulative listing of all the participants' accounts for defined contribution plans, including 401(k) plans.

3) A cumulative trust statement from the financial institutions that hold the pension's trusts investments.

4) A listing of all participant loans and their activity during the year, along with the requirements to obtain a loan.

5) Access to the pensioner's files containing documentation for the monthly pension benefits that the participant is receiving, including the approval for the pension benefit.

6) The SAS 70 reports describing the internal controls for the service organizations that hold the pension fund investments, execute transactions and maintain the related accountability. Distinguish between a Type 1 report that documents internal controls and a Type 2 report that both documents and tests internal controls. A Type 2 report may be used to assess control risk below the maximum. Even though you as the auditor rely on the SAS 70 report for internal control purposes, it is still your ultimate responsibility to read the report and determine if the controls described apply to your client and to carefully evaluate any caveats.

In addition to the information requested from the administrator, the auditor should prepare a planning test scope worksheet to calculate and document the amount that will be considered material to the financial statements in planning the audit. (Note: the DOL considers any dollar amount material.) In addition, the auditor should analyze the change in the financial line items from the prior year's audited financial statements to this year's ending general ledger balances and indicate the assessed audit risk and the evaluation of the control environment.

Consideration also must be given to SAS 99, Consideration of Fraud in a Financial Statement Audit, and should be documented within your audit planning notes. SAS 99 establishes standards and provides guidance to auditors to fulfill their responsibility as to whether the financial statements are free of material misstatement, whether caused by error or fraud.

A determination of whether or not you're going to use a substantive approach or place reliance on internal control should be included within these planning notes. Discussion with the administrator/employer also should cover any related parties involved with the pension trust fund; reportable conditions in internal control; prohibited transactions; commitments and contingencies; subsequent events; and risks and uncertainties.

THE TESTING PHASE OF FIELD WORK

Whether or not you're going to rely on the internal control system of the administrator/employer, you still need to know what to test and look for. From my experience, this is an area where some firms run into problems when they audit employee benefit pension plans. This is also the part of the audit where you can provide clients with value-added service by recommending improvements within their system or by having them accumulate the necessary plan documents that are missing from the administrator's files.

1) Investment asset testing. Obtain a copy of the pension plan's investment policy guidelines, which indicate what type of investments the fund is allowed to invest in. In addition, a lot of policies indicate the maximum percentage that can be maintained in each category. I would highly advise against a pension board in which the directors/trustees are responsible for the investments. You want the expertise of an investment manager, which also adds a layer of fiduciary liability protection.