This year, many CPA firms will face a dilemma. The economy has been good, and their largest client has hired additional employees. Suddenly, the 401(k) plan sponsored by that client and administered by a third-party administrator since its inception, with little or no input from the CPA firm, needs an audit. The firm performs little or no audit work, and primarily provides compilation and review services, with tax preparation and client consulting. The firm does not perform any other audits of employee benefit plans, and no one at the firm has training in this area. The client calls the firm partner and asks if the firm can provide the audit. The client indicates that it is only an Employee Retirement Income Security Act (ERISA) limited-scope audit, which, according to the third-party administrator, takes very little time to perform.
The accounting firm partner is not familiar with these engagements, and has to make a quick decision on whether to accept the audit.
On the one hand, the partner does not want to disappoint the client and explain that the firm does not have the expertise to perform the engagement. The firm consistently markets itself to clients that it is a full-service firm and can meet all client needs. On the other hand, the partner knows that the firm does not have the expertise to perform the engagement. In fact, the partner has no idea what is required to perform an ERISA limited-scope audit. Looming over this decision is the thought that if another accounting firm is brought in to perform the employee benefit plan audit, it will likely attempt to lure this client away due to the large fees generated by its other accounting and tax-related needs.
Faced with this decision, many firms will decide to accept the ERISA limited-scope audit engagement and deal with the consequences later. The primary motive on the part of the firm is to keep all other accounting firms away from its largest client.
I have taught CPE classes covering the audits of employee benefit plans for more than 10 years, and I have heard this story many times from firms who realized that they needed help and were taking classes to learn how to perform these audits properly. Too often, though, I heard the story from firms who had taken on these engagements years prior to taking these classes. In many cases, they were not even aware that there is an employee benefit plan audit guide that outlines audit procedures, documents the required disclosures, illustrates the financial statements, and contains examples of the auditor’s report. Of those firms that performed these audits without reading the audit guide and without taking any training, there is a high likelihood they performed substandard audits. Audits of employee benefit plans are a complex area of practice that is constantly subject to changes in either Department of Labor (DOL) rules and regulations, IRS rules and regulations, or accounting and auditing standards.
The risk of performing a substandard employee benefit plan audit is huge. For one, the DOL has a program in which it performs reviews of audit workpapers prepared by a sample of auditors of employee benefit plans. The DOL performs a thorough review of each set of workpapers that it selects to make certain that the work was performed in accordance with auditing standards generally accepted in the United States. If the DOL determines that the work was not performed correctly, it has the power to reject the Form 5500 that was filed by the employee benefit plan and assess a penalty of up to $50,000 against the plan sponsor. In addition, the DOL frequently refers firms that have performed substandard audits to the ethics division of either the AICPA or the respective state society. In some cases, where the work was significantly deficient, the DOL refers the individual CPAs involved to the State Board of Accountancy for further punishment.
Further, if a firm performs even a single employee benefit plan audit, it will become a must-select engagement during its next peer review. The PICPA has done a good job of policing the peer reviewers who review these specialty engagements to ensure suitable experience in performing these audits. There is a significant risk that if a firm performs one of these audits without proper training, the result will be a failed peer review. I have seen a number of cases in which the firm is permitted to continue to perform the audits, but cannot issue its reports until a preissuance review is performed by another accounting firm. This is a difficult thing to explain to a client.
Unfortunately, I have seen too many CPA firms get into trouble for simply taking on one of these engagements when they did not have the proper expertise.
The message in this column is very simple. If you choose to take on one of these engagements, get the proper training to make certain that you can properly perform the engagement. Obtain a copy of the most recent AICPA Employee Benefit Plans: Audit and Accounting Guide
, and read it. Get a copy of the most recent Employee Benefit Plans Industry Developments – Audit Risk Alert
(AICPA), and read it. Purchase the employee benefit plan specific auditing software that will assist you in developing the audit programs for the specific type of employee benefit plan. Keep in mind, there are significant differences between ERISA limited-scope and full-scope audits. Further, there are significant differences between defined contribution plans, defined benefit plans, and health and welfare plans. There is additional specialty training required if you choose to perform an audit of a 403(b) plan or an ESOP or multiemployer plan.
If you choose to take on one of these engagements, make a serious commitment to training on an annual basis to keep up with the constant changes that happen in this specialty area of practice.
In retrospect, many firms that chose to take on one of these engagements later regretted that decision. If you cannot make the commitment of time to properly learn how to perform these engagements, you might be better off identifying another firm that you can comfortably work with to perform these audits on your behalf.
Alan D. Ross, CPA, is president of Alan Ross & Company PC in Reading. He can be reached at firstname.lastname@example.org.