|
March 1997
Table of Contents
Executive Summary
Objectives and Scope
Background
Previous OIG Study of Employee Benefit Plan Audits
Actions Taken By PWBA Since Issuance of OIG Report
Additional Improvements are Needed to Ensure Quality
Employee Benefit Plan Audits
Why Did Some Audits Comply, and Others Not Comply, With
Established Professional Standards?
Additional Improvements are Needed to Ensure Compliance
With Regulatory Reporting and Disclosure Requirements
Why Did Some Audits Comply, and Others Not, With
ERISA's Reporting and Disclosure Requirements?
Conclusions and Recommendations
Appendix I: Compliance With Generally Accepted Auditing
Standards
General Standards
Standards of Field Work
Standards of Reporting
Appendix II: Compliance With ERISA's Reporting and
Disclosure Requirements
Non-compliance With ERISA's Reporting and Disclosure
Requirements
Appendix III: Voluntary Feedback By IQPAs
U.S. Department of Labor Representative
Sufficiency of Professional Guidance and Training
Form 5500 and Related Instructions
Appendix IV: Sample Selection Methodology
Appendix V: Strengthening the Quality of Plan
Audits:AICPA Comments
Acknowledgments
Numerous people have contributed to PWBA's effort to
reassess the quality of employee benefit plan audits and prepare this
report. Alan Lebowitz has provided leadership and support throughout this
project. The Office of the Chief Accountant, most notably, Michael
Auerbach, Bing Lam, Marcus Aron, Judith DeJonge, and Albert Eunson,
conducted the fieldwork and drafted this report.
Many thoughtful and constructive comments were received
during the drafting of this report, most notably from Meredith Miller,
Terry Hoopes, Kevin Maroney, Charles Lerner, William Taylor, Susan Ugelow,
and the American Institute of Certified Public Accountants.
Finally, plan administrators and independent qualified
public accountants provided a level of cooperation without which this
entire effort would not have been possible.
IAN DINGWALL
Chief Accountant
Executive Summary
The Office of the Chief Accountant (OCA), Pension and
Welfare Benefits Administration (PWBA), U.S. Department of Labor (DOL),
has completed an assessment of the level and quality of audit work
performed by independent qualified public accountants (IQPAs) with respect
to financial statement audits (hereafter referred to as
"audits") of employee benefit plans covered under the Employee
Retirement Income Security Act of 1974 (ERISA) for the 1992 filing year
(plan year beginning in 1992). This assessment was performed as a
follow-up to a 1989 report issued by the Office of Inspector General (OIG)
in which the OIG concluded that 23% of audits of employee benefit plans
failed to comply with one or more established professional standards. In
addition, the OIG found that 65% of IQPA reports on employee benefit plans
did not meet the reporting and disclosure requirements of ERISA and the
regulations thereunder.
Objectives and Scope
The primary objective of our review was to assess
whether the level and quality of audit work being performed by IQPAs with
respect to audits of employee benefit plans covered under ERISA has
improved as a result of actions taken by PWBA and the accounting and
auditing profession since the issuance of the OIG's report.
Another major objective of our review was to develop
information to be used in implementing the Government Performance and
Results Act of 1993 (GPRA). The Act requires the development of measurable
program outcomes and the creation of strategic plans to achieve the
identified program outcomes. This review establishes an additional
baseline for measuring future success in achieving the overall program
outcome of improving the quality of employee benefit plan audits and
pinpointing how PWBA can best use its limited resources in this area.
Background
Since the issuance of the OIG's report, PWBA and the
American Institute of Certified Public Accountants (AICPA) have taken
numerous steps designed to improve the quality of employee benefit plan
audits. Some of these actions include:
creation of the Office of the Chief Accountant (OCA).
OCA is responsible for establishing and maintaining liaison with private
sector professional organizations and regulatory bodies on accounting and
auditing issues for employee benefit plans. One of OCA's main goals is to
improve the quality of employee benefit plan audits to ensure that
participants and beneficiaries are receiving the protections which these
audits are intended to provide;
targeting and reviewing of IQPA reports by OCA which do
not meet professional auditing standards as part of its reporting
compliance program;
performance by OCA of approximately 140 on-site
workpaper reviews at IQPA firm offices for the purpose of evaluating the
quality of audit work underlying the IQPA's audit report. In addition, OCA
has referred over 310 practitioners to the AICPA's Professional Ethics
Division and/or the respective State Board of Accountancy for potential
disciplinary action due to deficient audit work; and
development of a series of "Outreach
Programs" aimed at heightening awareness and providing guidance to
practitioners and auditors regarding the preparation of the Form 5500
Series Annual Report, current and emerging information regarding
accounting and auditing issues impacting employee benefit plans, and
general information regarding DOL's ongoing enforcement effort.
Additionally, the AICPA has made a concerted effort to
improve the guidance and training available to auditors of employee
benefit plans. Some of these actions include:
consulting with OCA on annual revisions to the AICPA's
Audit and Accounting Guide, Audits of Employee Benefit Plans. Since 1991,
this guide has been updated five times;
issuing a number of Audit Risk Alerts which are
intended to emphasize unique aspects of work performed by auditors of
employee benefit plans;
conducting six Annual Employee Benefit Plan Update
Conferences. These national conferences have been quite successful with
attendance by practitioners averaging 450-650 per conference;
developing and offering a self-study continuing
professional education course entitled Audits of Employee Benefit Plans,
as well as other self-study programs for employee benefit plans;
incorporating, as part of one of its practice
monitoring programs, the requirement that engagements selected for review
include high risk engagements such as audits of employee benefit plans or
a justification as to why such audits were not selected;
issuing numerous accounting and auditing pronouncements
(e.g., Statements of Position, Statements on Auditing Standards and
Practice Bulletins) aimed at providing guidance to practitioners on issues
affecting audits of employee benefit plans;
developing "Checklists" for auditors to use
in performing employee benefit plan audits;
in conjunction with PWBA, creating a video for use by
plan auditors on the unique nature of employee benefit plan audits; and
developing a brochure for use by plan administrators on
how to select a competent independent plan auditor.
The AICPA has taken investigatory and disciplinary
action against practitioners referred to its Professional Ethics Division
by OCA, including suspension and expulsion from AICPA membership. The
specific actions taken by the AICPA are detailed further in this report.
Findings
Based upon our review, we found that 19% of the audits
conducted by IQPAs pertaining to the 1992 filing year failed to comply
with one or more of the established professional standards (Appendix I).
We cannot conclude from a statistical standpoint that
the quality of employee benefit plan audit work has improved since the
OIG's assessment.
Additionally, we found that 33% of IQPA reports
reviewed failed to comply with one or more of ERISA's reporting and
disclosure requirements (Appendix II). While this error rate has
substantially decreased (by approximately 50%) since the OIG's study, we
believe that this error rate remains at an unacceptably high level.
During our review we have identified certain factors
which we believe contributed to whether or not employee benefit plan
audits complied with established professional standards. These factors
included:
the size of the CPA firm performing the engagement;
the adequacy of technical training and knowledge on the
part of IQPAs conducting employee benefit plan audits;
the awareness of IQPAs of the uniqueness of employee
benefit plan audits;
whether IQPAs have established quality review and
internal process controls;
the perception by plan administrators and/or IQPAs of
the importance of employee benefit plan audits beyond fulfilling a
governmental regulatory requirement;
the amount of audit work in the IQPAs overall practice;
the failure of IQPAs to perform necessary audit work;
the failure of IQPAs to understand the limited scope
audit exception; and
the period of time available to adapt to new technical
guidance.
Conclusions and Recommendations
In spite of the actions taken by both PWBA and the
AICPA to enhance the quality of employee benefit plan audits, we have
reached an overall conclusion that there has been no statistical change in
the overall quality of plan audits. In fact, we believe that the overall
error rate of 19% continues to be unacceptably high. We also believe that
the overall error rate of 33% pertaining to IQPA reports failing to meet
the reporting and disclosure requirements remains unacceptably high.
Accordingly, we recommend that PWBA take the following
actions to improve the quality of employee benefit plan audits:
Legislative Initiatives
In response to an OIG recommendation, DOL has worked
over the past seven years toward enactment of legislation aimed at
strengthening the quality of plan audits. Legislation to strengthen the
quality of plan audits was submitted to the 104th Congress and was
introduced as the "Pension Audit Improvement Act of 1995" (S.
1490, December 20, 1995). The AICPA expressed its support of this
legislation. In order to ensure the adequate safeguarding of pension
funds, this bill would have:
repealed the limited-scope audit exception;
required speedy reporting of serious ERISA violations
and imposed substantial civil penalties on plan administrators and plan
accountants failing to comply with the notification provisions; and
enhanced ERISA's auditor qualifications by requiring
that IQPA firms undergo periodic external quality control reviews and that
IQPAs complete continuing professional educational training relating to
employee benefit plan matters; and
provided the Secretary with the authority to define by
regulation who is considered to be an independent qualified public
accountant.
The Senate passed a significantly weakened audit bill
during the 104th Congress. However, the House of Representatives took no
action prior to adjournment. Accordingly, PWBA should continue to support
the enactment of legislation to improve the quality of employee benefit
plan audits.
The OIG recommended in their report that PWBA obtain
additional legislative authority to enforce ERISA's requirements directly
with IQPAs. At this time, we do not recommend that PWBA pursue legislation
to directly sanction IQPAs. PWBA should continue to monitor IQPA
compliance with professional standards to determine whether additional
legislative authority over IQPAs or other reforms may be appropriate.
Administrative Initiatives
PWBA should continue its outreach efforts aimed at plan
administrators and IQPAs to heighten awareness regarding the reporting and
disclosure requirements and accounting and auditing issues impacting
employee benefit plans, respectively. As a part of this effort, PWBA
should develop materials directed at plan administrators as to what they
should know about hiring an auditor for their employee benefit plans. Plan
administrators are ultimately responsible for the accuracy and
completeness of the annual report filing.
Overall, while we believe that sufficient guidance and
training is available to practitioners conducting audits of employee
benefit plans, practitioners have recommended that DOL continue to work in
conjunction with the accounting and auditing profession in addressing
audit areas where more specific guidance may be needed (i.e.,
multiemployer plans)(Appendix III). PWBA should also continue to work with
the accounting and auditing profession regarding training and educational
programs aimed at practitioners conducting audits of employee benefit
plans. As a part of this process, PWBA should work with the AICPA to
develop educational materials for peer reviewers to use when conducting
practice reviews of IQPAs conducting employee benefit plan audits. This
will help to ensure that these reviewers are educated regarding the
uniqueness of these types of audit engagements when conducting practice
reviews of fellow practitioners.
Enforcement Activities
OCA should revise the criteria it currently uses for
targeting reviews of employee benefit plans in an effort to identify
filings that may reflect deficient audit work. Specifically, OCA's
targeting criteria should include audits of plans performed by small to
medium size IQPAs. To enable such targeting, PWBA should consider
including on the Form 5500 the name and employer identification number of
the IQPA conducting the audit, whether or not such IQPA is compensated by
the plan.
OCA should broaden the scope of its "desk
review" process which currently focuses only on compliance with GAAS
reporting violations with little to no focus on the quality of the
underlying audit work. Finally, where OCA has identified deficient audit
work, OCA should consider a program to review subsequent work products to
ensure continued compliance with professional auditing standards.
OCA should continue to identify and reject those plan
filings wherein the report of the IQPA fails to comply with ERISA's
reporting and disclosure requirements.
PWBA should consider establishing a "help
desk" as part of its redesign of the Form 5500 processing system.
This "help desk," staffed with trained OCA personnel, would be
available to answer questions from filers regarding initial rounds of
correspondence generated by PWBA's automated processing system. In
addition, PWBA should reassess the resources devoted to enforcing ERISA's
reporting and disclosure requirements. Based on this assessment,
approximately 12,000 plan audits contain one or more GAAS deficiencies.
Current OCA staffing levels do not provide the necessary resources to
adequately target and review deficient plan audits. OCA's staffing level
will be further eroded by its commitment to conduct educational outreach
and other filer technical assistance efforts.
OCA should continue to work with the accounting and
auditing profession to incorporate ERISA's reporting and disclosure
requirements in the issuance of professional guidance. The need to do this
is further amplified by the feedback received from practitioners regarding
the complexity of ERISA's reporting and disclosure requirements (Appendix
III).
We believe that the above recommendations will help to
further improve the quality of employee benefit plan audits in the future.
Additionally, these recommendations will enable PWBA to use its resources
more effectively in targeting potentially deficient audit work and audit
reports. Finally, we believe that the results of this review can serve as
a baseline for PWBA in implementing GPRA which, as previously stated,
requires the federal government to establish measurable outcomes and
objectives to improve its performance and increase its results.
In an effort to ensure a valid sample selection
methodology, PWBA engaged the firm of Mathematica Policy Research, Inc. (MPR)
to develop the sample selection. This methodology is discussed further in
Appendix IV.
The AICPA has taken the opportunity to comment on this
report. Their comments, entitled "Strengthening the Quality of Plan
Audits," may be found in Appendix V.
Objectives and Scope
The primary objective of our review was to assess
whether the level and quality of audit work being performed by IQPAs with
respect to audits of employee benefit plans covered under ERISA has
improved as a result of actions taken by PWBA and the accounting and
auditing profession since the issuance of the OIG's report in 1989.
Specific objectives of our review were to:
assess whether the quality of employee benefit plan
audits has improved since the OIG's study;
assess whether plan audits were conducted in accordance
with professional auditing standards;
determine if the audit reports were presented in
compliance with ERISA's reporting and disclosure requirements; and
identify areas where changes would help improve PWBA's
ability to protect participants and beneficiaries.
Another major objective of our review was to develop
information to be used in implementing GPRA. The Act requires the
development of measurable program outcomes and the creation of strategic
plans to achieve the identified program outcomes. This review establishes
an additional baseline from which we will be able to measure future
success in achieving the overall program outcome of improving the quality
of employee benefit plan audits and pinpoint how PWBA can best use its
limited resources in this area.
In order to make our assessments, we reviewed audit
reports attached to Form 5500 filings for the 1992 filing year (for plan
years beginning in 1992). We selected a representative sample of 276 plan
audits from a universe of 51,352 plan audits (Appendix IV). Our assessment
included:
a review of the 1992 Form 5500 and the attached IQPA
report;
a detailed review of the audit workpapers for the 1992
plan year;
discussions with the IQPA regarding the audit
engagement; and
a compilation of voluntary demographic questionnaires
given to each of the IQPAs in our sample.
Our on-site workpaper reviews, performed at the IQPAs'
offices, were conducted during the period August 1994 through April 1995.
Background
ERISA was enacted by Congress to remedy abuses in the
nation's private pension and welfare benefit plan system. This law covers
pension and welfare benefits and is administered by three separate federal
agencies: the Department of Labor (DOL), the Internal Revenue Service
(IRS) and the Pension Benefit Guaranty Corporation (PBGC).
ERISA contains a number of provisions which were
enacted in recognition of the need to establish an effective mechanism to
protect the interests of plan participants and beneficiaries, and to
establish an effective mechanism to detect and deter abusive practices.
These provisions include the annual reporting of financial information and
activities of employee benefit plans. The Secretary of Labor is
principally responsible for enforcing ERISA's fiduciary and reporting and
disclosure provisions which are contained in Title I of the Act.
An integral component of ERISA's annual reporting and
disclosure provisions is the requirement for plans with more than 100
participants, and which hold assets in trust, to obtain an annual
financial audit by an IQPA.
Audited financial statements and the IQPA's report on
the fairness and consistency of their presentation must be filed with the
Form 5500 Annual Report within 210 days after the close of the plan year.
The audit requirement is intended to ensure the integrity of financial
information which is incorporated in the annual reports. Section 103 of
ERISA specifically requires that these audits be conducted pursuant to the
standards established by the accounting and auditing profession in the
pronouncements which define generally accepted accounting principles (GAAP)
and generally accepted auditing standards (GAAS). While ERISA's auditing
provisions have worked to provide DOL and plan participants and
beneficiaries with information about plan operations, experience has shown
that IQPA audits do not consistently meet professional standards.
Previous OIG Study of Employee Benefit Plan Audits
During 1989, the OIG conducted a review of the quality
of audit work being performed by IQPAs on private pension and welfare
benefit plans. The OIG issued its report on November 9, 1989.
Legislative and Regulatory Changes
Presently under ERISA, a plan administrator may elect
to exclude from an audit the plan assets that are held and certified to by
a bank, or similar institution, or an insurance company (i.e.,
limited-scope audits). The OIG concluded that this provision no longer
serves the purpose for which it was intended and increases the risk to
plan participants and beneficiaries because:
assets held by banks and insurance companies are
equally subject to abuse and mismanagement as those held by other
investment entities and, therefore, need to be subjected to ERISA audits;
limited-scope audits do not contain any assurance by
the IQPA on the financial information presented in the plan's financial
statements (i.e., the IQPA disclaims an opinion on the plan's financial
statements); and
a very significant amount of plan assets are not
subjected to audit.
To address these findings, the OIG recommended that
PWBA:
propose changes to ERISA to eliminate the limited-scope
audit provision;
work with the AICPA on its revision to the industry
audit guide to require ERISA compliance;
require plans to establish parties separate from plan
management (e.g., audit committees) to oversee IQPA audits on behalf of
plan participants and beneficiaries; and
require direct reporting of ERISA violations by IQPAs
to the plans' senior management and to PWBA for enforcement action.
IQPA Compliance with GAAS
In its report, the OIG found that IQPA audits of
employee benefit plans do not consistently meet GAAS despite the ERISA
requirement to do so. The OIG found that, in 64 (23%) of the 279 plans
reviewed, the IQPA failed to meet one or more elements of GAAS.
Additionally, the OIG found that there was a lack of monitoring by PWBA
and feedback from PWBA to IQPAs regarding audit quality. As a result, the
OIG found that IQPA audits do not provide the intended protection of
participant rights and benefits and cannot be relied upon to provide
adequate testing of financial and compliance control systems.
To address these findings, the OIG recommended that
PWBA:
work with the AICPA to obtain specific monitoring
coverage of ERISA audits in peer reviews;
expand its quality review procedures to include
evaluations of IQPA audit work to determine compliance with GAAS; and
use its existing enforcement authority against plan
administrators to obtain corrective action on deficient IQPA audit work.
IQPA Compliance with ERISA's Reporting and Disclosure
Requirements
In its report, the OIG found that IQPA audits were not
providing the required disclosures nor were IQPAs rendering the required
audit opinions on information accompanying a plan's financial statements
(i.e., supplemental schedules) as required by ERISA's reporting and
disclosure requirements. The OIG found that 181 (65%) of the reports
failed to meet these requirements. Additionally, the OIG found that there
was a lack of enforcement by PWBA when incorrect information was
submitted. As a result, the OIG found that participants were not receiving
the information or protections of full disclosure as ERISA intended.
To address these findings, the OIG recommended that
PWBA:
reject deficient statements or reports and allow plan
administrators 45 days to file a satisfactory report;
where necessary, retain IQPAs to perform audits and
charge plans for the audit costs; and
bring civil action against plan administrators to
enforce ERISA.
Finally, the OIG recommended that PWBA refer deficient
audit reports to appropriate professional organizations and state
regulatory agencies for review and possible action.
Actions Taken By PWBA Since Issuance of OIG Report
Generally, PWBA agreed with the findings and
recommendations made by the OIG. Accordingly, since the issuance of the
OIG's report, PWBA has taken various actions to address those findings.
Creation of the Office of the Chief Accountant
In 1988, PWBA created the Office of the Chief
Accountant (OCA). A main function of OCA is to enforce the reporting and
disclosure provisions of Title I of ERISA.
In addition, OCA is responsible for establishing and
maintaining liaison with private sector professional organizations and
regulatory bodies regarding accounting and auditing issues for employee
benefit plans. One of OCA's main goals is to improve the quality of
employee benefit plan audits to ensure that participants and beneficiaries
are receiving the protections which these audits are intended to provide.
Reporting Compliance Activities
Since the issuance of the OIG's report, OCA has been
involved in an aggressive enforcement program to ensure that employee
benefit plan audits comply with professional and regulatory standards. OCA
has taken the following enforcement actions to ensure compliance with
these provisions:
During 1990 and 1991, OCA conducted a special project
which resulted in the rejection of 5,208 Form 5500 Annual Report filings
for plan year 1988 wherein the plan administrator failed to attach the
report of an IQPA;
During 1991 and 1992, OCA conducted a special project,
similar to the one mentioned above, which resulted in the rejection of
1,400 Form 5500 Annual Report filings for plan year 1989 wherein the plan
administrator failed to attach the report of an IQPA;
As of December 31, 1996, OCA has issued 5,100 letters
rejecting deficient/incomplete Form 5500 Annual Report filings and
assessed penalties of $64 million against plan administrators who failed
to meet the reporting and disclosure provisions of ERISA;
As of December 31, 1996, OCA has performed
approximately 467 on-site workpaper reviews at IQPA offices to evaluate
the quality of the audit work underlying the IQPA report;
As of December 31, 1996, OCA has referred over 350
practitioners to the AICPA's Professional Ethics Division and/or the
respective State Board of Accountancy for potential disciplinary action
due to deficient audit work. The AICPA has taken investigatory and
disciplinary action against practitioners including suspension and
expulsion from AICPA membership;
OCA has improved compliance with the reporting and
disclosure requirements through the issuance of "Notices" to
plan administrators when incorrect or incomplete information was filed;
and
OCA has worked with PWBA's Office of Enforcement (OE)
to establish a system of inter-office referrals. OE refers to OCA
potential ERISA reporting and disclosure violations discovered during
fiduciary investigations of employee benefit plans. Likewise, OCA refers
potential fiduciary violations to OE.
Activities to Encourage Filer Compliance
Since the issuance of the OIG's report, OCA has also
initiated the following programs to encourage filer compliance:
a national "Outreach Program" aimed at
heightening awareness and providing guidance to practitioners regarding
the preparation of the Form 5500 Series Annual Report, current and
emerging information regarding accounting and auditing issues impacting
employee benefit plans, and general information regarding DOL's ongoing
enforcement efforts;
another "Outreach Program" aimed at the
various State Societies of Certified Public Accountants to provide
guidance and heightened awareness to independent auditors who conduct
audits of employee benefit plans; and
a "Delinquent Filer Voluntary Compliance
Program," effective April 27, 1995, to encourage, through the
assessment of reduced civil penalties, delinquent plan administrators to
comply with their annual reporting obligations under Title I of ERISA.
This is a successor to a similar "Non-Filer/Late-Filer Program"
which resulted in the filing of approximately 40,000 annual reports.
Work With Professional Organizations
In addition, DOL has worked closely with the AICPA and
the Financial Accounting Standards Board (FASB) to update the guidance
available to practitioners in this area. The following is a list of
actions taken in an effort to address the findings and recommendations
made by the OIG:
OCA continuously works with the FASB on issuing revised
accounting guidance for employee benefit plans;
OCA has actively participated in the meetings of the
AICPA Employee Benefit Plans Committee since 1990;
OCA continuously works with the AICPA on revisions to
the AICPA's Audit and Accounting Guide, Audits of Employee Benefits Plans.
Since 1991, the guide has been updated five times;
On August 3, 1992 and September 23, 1994, respectively,
the AICPA issued Statement of Position 92-6, Accounting and Reporting by
Health and Welfare Benefit Plans and Statement of Position 94-4, Reporting
of Investment Contracts Held by Health and Welfare Benefit Plans and
Defined-Contribution Pension Plans. These statements serve to amend
certain chapters of the AICPA's Audit and Accounting Guide, Audits of
Employee Benefit Plans;
During 1992, the AICPA issued Statement on Auditing
Standards No. 70, Reports on the Processing of Transactions by Service
Organizations. This statement provides guidance to practitioners when
auditing an entity that utilizes an outside service organization to
process certain transactions and is effective for service auditors'
reports dated after March 31, 1993;
During 1994, the AICPA issued Statement on Auditing
Standards No. 73, Using the Work of a Specialist. This statement provides
guidance to practitioners who use the work of a specialist in performing
an audit in accordance with GAAS. Specialists used by practitioners when
conducting an audit of an employee benefit plan may include, but are not
limited to, actuaries and appraisers;
In September 1994, the AICPA issued Practice Bulletin
12, Reporting Separate Investment Fund Option Information of
Defined-Contribution Pension Plans which serves to provide guidance to
practitioners through the interpretation of certain sections of its audit
and accounting guide, Audits of Employee Benefit Plans;
The AICPA issued two financial accounting and reporting
practice aids entitled, "Checklist for Defined Benefit Pension Plans
and Illustrative Financial Statements" and "Checklist for Health
and Welfare Benefit Plans and Illustrative Financial Statements;"
The AICPA issued a number of Audit Risk Alerts and
Current Industry Developments which are intended to provide information
that may affect the annual audits performed on employee benefit plans;
Beginning in 1990, the AICPA and PWBA have conducted
six annual Employee Benefit Plan Update Conferences. These conferences
have been quite successful as attendance by practitioners has averaged
450-650 per conference;
The AICPA developed and offered a self-study continuing
professional education course entitled, Audits of Employee Benefit Plans,
as well as other self-study programs for employee benefit plan
professionals;
The AICPA has incorporated, as part of one of its
practice monitoring programs (peer review), the requirement that
engagements selected for review include an audit of an employee benefit
plan; and
The AICPA, in conjunction with PWBA, is creating a
video for use by plan auditors on the unique nature of employee benefit
plan audits.
Additionally, since 1989, PWBA has worked with the
accounting and auditing profession in making the following changes to
relevant audit guidance in an effort to address substandard audit work:
In December 1990, the FASB issued new accounting and
financial reporting requirements through the issuance of Statement of
Financial Accounting Standards No. 110, Reporting by Defined Benefit
Pension Plans of Investment Contracts ;
Professional guidance now incorporates ERISA's
reporting and disclosure requirements;
Professional guidance provides illustrations of
financial statements and auditor's reports which adhere to ERISA's
reporting and disclosure requirements;
Professional guidance now incorporates audit procedures
which requires auditors to read the information in the Form 5500 to
determine whether such information is materially consistent with the
financial statements and auditor's report;
Guidance has been issued to assist auditors of employee
benefit plans in determining whether the appropriate type of audit has
been issued (full-scope vs. limited-scope); and
Professional guidance now incorporates audit and
reporting considerations related to party-in-interest and prohibited
party-in- interest transactions that are more stringent than normal GAAS
requirements.
Legislative Proposals
PWBA agreed with the OIG recommendation that changes
are needed to the legislative and regulatory requirements for employee
benefit plans to provide stronger protections for plan participants and
their beneficiaries and to provide more useful information to the users of
plan financial statements. Accordingly, since 1990, a number of bills have
been introduced before Congress based upon DOL proposals in an effort to
seek legislative changes to ERISA.
The Department transmitted an ERISA audit reform
proposal to Congress in June 1995. This proposal, introduced on December
20, 1995 as the "Pension Audit Improvement Act of 1995" (S.
1490), called for the following changes to ERISA to strengthen plan
audits.
Repeal of the Limited-Scope Audit Exception
ERISA Section 103(a)(3)(C) currently permits plan
assets held in certain regulated financial institutions to be excluded
from the scope of the audit of an employee benefit plan. Where plan
administrators exclude such assets from the scope of the audit, auditors
disclaim an opinion on the plan's financial statements. Accordingly,
repeal of the limited-scope audit exception would result in plan auditors
assuming responsibility for the audit of all plan assets. PWBA believes
that this would result in greater protections for plan participants and
beneficiaries and would provide more useful information regarding a plan's
ability to pay benefits when due.
Direct Reporting of Certain Events
Under current law, there is no specific duty for a plan
administrator or the plan's auditor to communicate directly to DOL as to
whether certain serious events called "irregularities" and/or
other specified events (e.g., termination of the plan's auditor) have
occurred . The plan administrator currently is required to report certain
of these events to DOL through the filing of the plan's Form 5500 Annual
Report as long as 21 months after the event has occurred.
The legislative proposal required the plan
administrator notify DOL within five business days after the plan
administrator first has reason to believe or after notification by the
plan's auditor that an "irregularity" may have occurred with
respect to the plan. Additionally, the legislative proposal would require
plan auditors to make such notification to DOL in the event that the plan
administrator fails to do so ("backup reporting").
Direct reporting of certain events would provide DOL
with a mechanism for more timely detection of serious violations of ERISA
as well as terminations of plan auditors. This would expand DOL's ability
to take prompt corrective action, when necessary. Finally, direct
reporting of these events should help to deter and to protect plan assets
from abusive practices which could significantly affect the plan's ability
to pay benefits to plan participants and beneficiaries.
Imposition of a Peer Review Requirement and Continuing
Professional Education
Under current law, there is no external quality review
requirement for IQPAs. Accordingly, auditors of employee benefit plans
need not participate in continuing practice-monitoring and/or educational
programs to ensure that the quality of their audit work remains sufficient
or that they are qualified to conduct audits of employee benefit plans.
The audit reform proposal would require that all practitioners conducting
audits of employee benefit plans participate in an external quality review
of their practice. The legislative proposal would require that an
appropriate number of audits of employee benefit plans in relation to the
scale of the practitioner's practice be subjected to the external quality
review. In addition, this legislative proposal would require that IQPAs
complete a minimum number of hours of continuing professional education or
training directly related to employee benefit plan matters. PWBA believes
that these new requirements would help to ensure uniform high quality
among all employee benefit plan audits.
Current Status of Legislation
On May 23, 1996, the President proposed broader pension
reform legislation, which was introduced in the House and Senate on May
23, 1996. The audit reform portion of that legislation accomplished the
same objectives as S. 1490. A significantly weakened audit bill was passed
by the Senate during the 104th Congress. However, no action was taken by
the House of Representatives prior to adjournment.
On January 16, 1997, the Comprehensive Pension and
Retirement Security Act of 1997 (H.R. 83) was introduced in the House of
Representatives by Congressman Schumer (D-NY). This bill is similar to the
S.1490.
On January 22, 1997, the Retirement Security Act of
1997 (S. 14) was introduced in the Senate by Senator Daschle (D-SD). This
bill contains over 30 provisions and is significantly different from
S.1490 and H.R. 83 in that it would not require the direct reporting of
serious ERISA violations to the Department of Labor and would repeal the
limited-scope audit exception for audits of pension plans only.
Follow-up Evaluation
Finally, in response to the OIG's report, PWBA
committed to reassess the level and quality of audit work being performed
by IQPAs with respect to audits of employee benefit plans covered under
ERISA. This report details the findings of PWBA's reassessment effort.
Additional Improvements Are
Needed to Ensure
Quality Employee Benefit Plan Audits
GAAS represents the framework under which auditors
exercise their professional responsibilities. The professional auditing
standards are typically viewed as the minimum guidelines or requirements
for the performance of an audit engagement. Auditing standards are created
by the AICPA and adopted by the AICPA membership. Departure from these
professional auditing standards, whether by circumstance or client
imposed, is to be explicitly stated in the report issued by the auditor.
ERISA Section 103(a)(3)(A) requires that employee
benefit plans with more than 100 participants retain an IQPA to perform an
audit of the plan's financial statements. This section requires that the
audit be performed in accordance with GAAS.
As previously stated, our total sample consisted of 276
plans. We assessed 262 audit engagements against their compliance with
professional accounting and auditing standards. Fourteen of the 276 plans
were excluded from assessment: five audits were excluded because the IQPA
audited the wrong entity (e.g., trust, insurance company); nine others
were excluded for other reasons as discussed in Appendix IV. We analyzed
the work performed by plan auditors using the requirements contained in
the AICPA's Audit and Accounting Guide, Audits of Employee Benefit Plans
(with conforming changes as of May 1, 1992), issued by the AICPA. This
guide represents the application of generally accepted auditing standards
and accounting principles to the special circumstances that are unique to
audits of employee benefit plans.
Our review found that 81% of the 1992 plan audits
complied with professional auditing standards. However, 19% of the 1992
plan audits contained deficiencies with respect to one or more relevant
GAAS requirements (Appendix I).
Based on the margin of error for this sample, an
overall error rate of 14.8% or less was required to enable PWBA to
conclude that the quality of employee benefit plan audits had improved
when compared to the OIG's study. Therefore, with an overall error rate of
19%, we cannot conclude from a statistical standpoint that the quality of
employee benefit plan audit work has improved.
Finally, because of the sampling methodology used in
performing this study, these relative percentages can only be applied to
the entire population of 1992 employee benefit plan audits and the extent
to which they are likely to comply or fail to comply with one or more of
the 10 generally accepted auditing standards. However, these percentages
cannot be applied to any one specific generally accepted auditing
standard.
Why Did Some Audits Comply, and Others Not Comply, With
Established Professional Standards?
Of the 262 audit engagements selected for on-site
workpaper reviews, 212 (81%) were considered to comply with GAAS. For
these audits, we concluded that the audit was conducted within the
framework of GAAS, meaning that:
the audit work was adequately planned and supervised;
the audit field work was properly performed; and
the results of the audit were properly communicated in
compliance with existing professional standards.
For 50 of the audits in our sample, we concluded they
were not conducted within the framework created by GAAS. In most cases,
the GAAS deficiency related to a failure to perform any audit work
whatsoever in a relevant audit area.
We analyzed these 262 audits to determine which
attributes and factors contributed to the engagements that were performed
in accordance with professional auditing standards, and those that were
not. The common attributes and factors affecting audit quality included:
the size of the IQPA firm performing the audit
engagement;
adequate technical training and knowledge to perform
the engagement;
awareness of the unique nature of auditing an employee
benefit plan;
implementation of an internal structure of process
controls which helped ensure a quality work product;
plan audits viewed as being ancillary;
performance of a reasonable number of audits as part of
the firms' professional practice;
performance of no audit work;
failure to understand the limited scope audit
exception; and
the period of time available to adapt to new technical
guidance.
Size of the IQPA Firm Contributed to the Quality of
Audit Engagement
Our review provided some valuable insights into the
correlation between the size of an IQPA and the likelihood of one of their
audits containing audit deficiencies. Most notably, in our sample, firms
with 20 or less employees:
were responsible for 64% of the deficient audits;
accounted for more deficient audits than larger firms
when taken as a percentage of the total number of audits. Specifically,
firms with 1-5 employees represented 9% of our sample but comprised
approximately 27% of the audits with deficiencies. Likewise, firms with
6-20 employees represented 18% of our sample but comprised approximately
38% of the audits with deficiencies; and
performed deficient audits at a far greater rate than
other size firms: 54% of the audits performed by firms with 1-5 employees
were deficient. Similarly, 41% of the audits performed by firms with 6-20
employees contained audit deficiencies.
Adequate Technical Training and Knowledge
One of the basic tenets of GAAS requires that IQPAs
possess adequate technical competence to complete the engagement. We found
that auditors performing adequate work were able to apply their accounting
and auditing expertise to employee benefit plans. Such expertise included
availing themselves of the technical guidance and training available for
employee benefit plans.
As was mentioned in the previous section of this
report, the AICPA has taken an aggressive role in providing technical
guidance for employee benefit plan auditors. In March 1991, the AICPA
issued its first update to the audit guide for employee benefit plans
since 1983, with yearly updates being issued thereafter. Since that time,
the guide has been updated five times.
Additionally, the AICPA also published Audit Risk
Alerts and Financial Accounting and Reporting Checklists for employee
benefit plans and other guidance dealing with pension and welfare benefit
plans. Starting in December 1990, the AICPA (in conjunction with DOL) has
held an annual Employee Benefit Plans Update Conference. The conference
has consistently been one of the AICPA's best attended conferences,
attracting 450 to 650 participants each year. The AICPA also developed a
self-study course for employee benefit plan audits. Additionally, other
professional organizations have developed conferences and self-study
materials dealing with employee benefit plans.
We believe that where practitioners availed themselves
of professional guidance and training, the resultant audit work conformed
with professional standards. It was common for these IQPAs to have a copy
of the AICPA's Audit and Accounting Guide, Audits of Employee Benefit
Plans (with conforming changes as of May 1, 1992). Additionally, we noted
that these practitioners had available to them current guidance on
professional accounting and auditing standards. Based on discussions with
these practitioners, we found that they had either taken advantage of the
AICPA guidance and educational programs (or other related conferences) or
had completed other relevant self-study courses.
For audits which did not comply with professional
standards, we believe that most practitioners did not possess an adequate
level of technical knowledge for the audit engagement. The reasons for the
lack of compliance included not being aware of the applicable professional
guidance (e.g., the industry audit guide), having the guidance but not
using it, and/or applying the guidance in an inappropriate manner.
Indicative of the failure to possess adequate technical
training and knowledge were four audit engagements where we concluded that
the auditor had failed almost every element of the general and fieldwork
standards. Additionally, where IQPAs did not possess the level of
technical knowledge required to conduct these types of audits, we believe
these practitioners failed to exercise due professional care with respect
to the conduct of the audit engagement.
In some cases, the IQPAs we visited did not have any
copies of the industry audit guide or other guidance published by
professional organizations. In these cases, the IQPA had not developed an
audit program or erroneously used an audit program not designed for an
employee benefit plan (e.g., audit programs for non-profit entities).
Unfortunately, in other cases the IQPA thought they did possess adequate
technical knowledge but a review of their work demonstrated otherwise. The
resulting audits generally exhibited gross failures of multiple
professional standards.
In one instance, the IQPA knew he had little or no
technical knowledge and performed a substandard audit. Subsequent to our
review of his work product, he obtained the necessary guidance materials,
educated himself, and re-performed the audit work. Review of this new work
indicated that it conformed with professional standards. This demonstrates
that, where an IQPA commits to education on standards related to employee
benefit plan audits, an acceptable work product emerges.
Overall, while we believe that sufficient guidance and
training is available to practitioners conducting audits of employee
benefit plans, feedback from practitioners indicated that present guidance
could be improved in certain areas where more specific guidance may be
lacking (e.g., audits of multiemployer plans) (Appendix III).
Awareness of Uniqueness of Employee Benefit Plan Audits
Employee benefit plan audits present different and
unique challenges for auditors. This is because the scope of the audit
transcends the money held in trust and the financial activity of the plan.
Employee benefit plans exist and operate in a regulated environment and,
accordingly, involve the examination of the plan's operation within that
legal framework. For example, functional areas such as benefit payments,
participant data, plan obligations and prohibited transactions are areas
which auditors would typically not encounter during a corporate financial
statement audit.
Benefit payments, participant data and plan obligations
are all related areas in that the auditing of one of these areas often
overlaps that of the other two. For example, eligibility testing affects
all three areas: a benefit can be paid only to eligible participants and
beneficiaries, a benefit payment must be properly applied to individual
participant accounts, and the total plan benefit affects the plan's
overall financial obligation. Audit procedures often include the review of
the same underlying documentation in each of these three areas, such as
personnel records, payroll records, and participant account records. In
addition, the plan instrument and related documents set forth requirements
and parameters that must be adhered to for each of these areas.
Accordingly, it is easy to see that audits of employee
benefit plans, in certain respects, are quite different from audits of
other entities. Auditing of the above three distinct areas can be of great
importance in that these areas can have a significant impact on the plan's
financial statements and tax qualification status and, consequently, can
significantly impact the opinion rendered by an IQPA on such financial
statements.
We found that acceptable plan audits recognized and
took into account the regulatory framework and its relationship with, and
possible impact on, the financial activity of the plan. In the 212 audits
that were considered to be acceptable, the IQPA performed the necessary
level of audit field work in these unique areas to support the opinion
expressed on the plan's financial statements.
Most of the deficient audits identified in our sample
failed two or more of these unique audit areas. Discussions with these
practitioners indicated that they did not recognize or understand the
impact these audit areas had on the overall audit engagement. In most of
these cases, the auditor focused merely on auditing the financial activity
of the plan.
Quality Review and Internal Process Controls
GAAS relates to the conduct of individual audit
engagements; quality control standards relate to the conduct of a firm's
audit practice as a whole. Thus, GAAS and quality control standards are
related, and the quality control policies and procedures that a firm
adopts may affect both the conduct of individual audit engagements and the
conduct of a firm's audit practice as a whole. These quality control
review processes are established to ensure that a minimum standard of
audit quality is achieved in all audit engagements.
Our review disclosed that firms that performed
acceptable audits had implemented a system of quality control review
processes. The nature and extent of these processes varied depending on
many factors, such as the firm's size, its personnel, the nature of its
practice, and appropriate cost-benefit considerations. Conversely, the
firms that performed grossly deficient work had not implemented an
adequate system of internal quality controls.
In our sample, large firms tended to have very formal
processes for internally reviewing audit work. These processes included:
standardized checklists and audit programs;
multiple levels of engagement oversight;
independent quality reviewers; and
staff with specialized skills in unique areas, such as
employee benefit plan audits.
Smaller firms generally employed less formal processes
but, nonetheless, were able to reach the same level of quality.
The AICPA has instituted a practice monitoring program
(peer review) in order for firms to maintain their AICPA membership. Among
other things, this program is designed to ensure quality in the
performance of accounting and auditing engagements. This program is based
on the principle that a systematic monitoring and educational process is
the most effective way to attain high-quality performance throughout the
profession. Those conducting the reviews are held to the same applicable
professional standards as the firms they are reviewing. In one instance,
however, we reviewed a set of audit workpapers which we found to be
grossly deficient. Upon discussion with the practitioner, this same set of
audit workpapers was reviewed during the firm's most recent peer review
and found to be acceptable.
Plan Audits are Perceived as Necessary Only
to Fulfill Governmental Requirements
In discussions with IQPAs, we learned that many of
their employee benefit plan clients believe that the only benefit to
having an audit is to satisfy a government regulatory requirement. They do
not view the audit as providing any value or protection to plan
participants and beneficiaries, nor do they view it as a means of
fulfilling their fiduciary obligations to the plan.
One practitioner we visited had performed little or no
audit work. When questioned about the lack of work, the practitioner
stated that his audit fee was $750 and, therefore, he performed up to $750
worth of audit work. Clearly, the IQPA's opinion was not supported by the
audit work performed. As a result, plan participants and beneficiaries are
being misled by the level of assurance implied in the audit report.
Unfortunately, this audit does not serve the purpose for which it was
intended; to protect the benefits of plan participants and beneficiaries.
We believe that the attitude of this auditor of this auditor is indicative
of the fact that this plan's audit was viewed as unimportant.
IQPAs told us they have a difficult time justifying to
their clients the level of work necessary to perform an audit in
accordance with professional standards. This has resulted in significant
cost pressures in the performance of the audit. We were told that
practitioners were losing their clients to other IQPAs who would perform
the audits for lower cost because they would not adhere to established
professional standards. This situation occurs because some firms view this
work as low risk with limited exposure to lawsuits.
Reasonable Portion of Practice Includes Audit Work
For the 212 acceptable audits, we generally found that
they were performed by IQPAs for which audit engagements comprised a
reasonable amount of the firm's overall professional practice. Most of
these firms devote the resources necessary to train and educate their
staff with respect to professional audit standards. In many cases, they
have also received specific training relating to employee benefit plan
audits. Accordingly, these firms and the staff they assign to audit
employee benefit plans are generally more aware of the intricacies of
these engagements.
During our review, we found that certain firms,
recognizing the importance of employee benefit plan audits, have begun to
dedicate specific staff to perform all of the audit work for these
engagements for the firm. These firms have adopted a philosophy that
specialization in specific areas will improve the overall quality of
audits in those areas.
Alternatively, for the audits we reviewed which
contained significant deficiencies, the audit of the employee benefit plan
frequently represented the only ERISA audit the firm performed. In some
cases it also represented the firm's only audit engagement.
Failure to Perform Necessary Audit Work
Of the substandard audits in our sample, the most
common reason for an IQPA to have failed a given audit area was that IQPA
did no work or substantially no work in that area. Such lack of audit
work, in this group of audits, was not limited to those audit areas
particular to employee benefit plans, such as prohibited transactions and
participant data. Many of these IQPAs also did no audit work in areas such
as management representations, internal controls, commitments and
contingencies, and subsequent events. These areas must be included in the
audit of any entity, not just employee benefit plans. In short, these
IQPAs concentrated only on tying down account balances instead of auditing
non-account balance areas too. Therefore, a sufficient audit was not
performed.
Audit areas related to participant data, plan
obligations, benefit payments, and party-in- interest/prohibited
transactions are unique to employee benefit plans. We found that these
four areas resulted in the most number of audit failures and, therefore,
an auditor with limited employee benefit plan experience might not be
aware of the significance involved with these areas.
Failure to Understand Limited-Scope Audit Exception
As previously discussed, under current law a plan
administrator may elect to exclude from an audit the plan assets that are
held by and certified to by certain regulated financial institutions. When
performed in accordance with professional standards, these audits
typically result in a "disclaimer of opinion."
A disclaimer of opinion does not provide any assurance
by the IQPA on the financial information presented on the plan's financial
statements taken as a whole.
Our review identified instances where auditors
performed almost no audit work, believing that the limited-scope audit
exemption only required that the auditor obtain a certification from the
financial institution. Where an IQPA performs a limited-scope audit and
fails to perform sufficient audit work in other areas not covered by the
certification, the user of the plan's financial statements has virtually
no assurance with respect to the financial operation of the plan.
Period of Time Available to Adapt to New Technical
Guidance
As stated previously, one of the reasons that IQPAs
failed to meet the minimum established professional standards when
conducting audits of employee benefit plans was their lack of the
requisite level of technical knowledge and training.
Our review encompassed audits that were performed for
the 1992 plan year. During the period from the issuance of the OIG's
report in 1989 to the audits conducted by IQPAs for the 1992 filing year,
the guidance available to practitioners was rather limited. During this
time period, updated technical guidance and training were just becoming
available.
Subsequent to the OIG's report, the AICPA's Audit and
Accounting Guide, Audits of Employee Benefit Plans, was revised in 1991
and again in 1992. It had not been updated for approximately eight years
prior to 1991. Additionally, the AICPA had conducted only three employee
benefit plan conferences (December 1990, 1991 and 1992). Given the
relatively short period of time between the revisions of the audit guide
and available training and the 1992 audit year which was the subject of
our study, we believe that practitioners may not have had adequate time to
adapt to the new technical guidance for the 1992 audit year.
We were also informed by several IQPAs that they had
obtained the necessary technical materials and training for audit
engagements performed for the 1993 (and future) plan years, but had not
used such guidance for the audits performed in 1992. This has led us to
believe that it may have been unreasonable to expect a major change in the
quality of plan audits within a three year period of time. It is expected
that, with time, the increased awareness by practitioners and the
extensive technical guidance and expanded self-study educational courses
available to practitioners today will serve to improve the quality of
employee benefit plan audits in the future.
Additional Improvements Are Needed
to Ensure Compliance With Regulatory Reporting and
Disclosure Requirements
In addition to adhering to GAAS, the report of the IQPA
must also meet certain ERISA reporting and disclosure requirements. ERISA
section 103(a)(3)(A) and regulations thereunder at 29 CFR 2520.103-1(b)
set forth these requirements. These additional reporting and disclosure
requirements were enacted to ensure that the federal government and plan
participants and beneficiaries were being provided with information that
may alert them to instances which could adversely impact the operation of
the plan (e.g., fiduciary breaches) and/or its ability to pay plan
benefits when due (e.g., losses from imprudent investments).
As previously stated, our total sample consisted of 276
plans. We assessed 267 IQPA reports against their compliance with ERISA's
reporting and disclosure requirements. The 267 IQPA reports assessed
include those five audits that were excluded from our assessment against
compliance with professional accounting and auditing standards because the
audit was of the wrong entity (Appendix IV) . Of the 267 audits reviewed,
88 (33%) IQPA reports failed to comply with one or more of ERISA's
reporting and disclosure requirements.
While actions taken by PWBA and the profession over the
past years have achieved a reduction of approximately 50% in the overall
error rate (65% to 33%), the current error rate of 33% calls for
continuing efforts in this area. The filing public, as well as IQPAs, need
to be better informed about ERISA's reporting and disclosure requirements,
and PWBA should continue to take necessary enforcement actions against
plan administrators who fail to meet these requirements.
Why Did Some Audits Comply, and Others Not, With
ERISA's Reporting and Disclosure Requirements?
Based on our study, IQPAs performed substandard work
most frequently when they were unaware of ERISA's reporting and disclosure
requirements and when they inappropriately applied ERISA's regulations.
These failures rested not only with the IQPA but also with the plan
administrators who engaged them.
The audit of the wrong entity (e.g., an audit of the
trust instead of the plan), the inappropriate use and misapplication of
the limited-scope audit exception are examples that demonstrate a lack of
ERISA knowledge. In providing an audit of the trust or the financial
entity holding plan assets, plan administrators did not understand that
the plan was the entity required to be audited. Likewise, IQPAs did not
understand the limited-scope audit exception and, therefore, misapplied
it. Finally, the IQPA's failure to extend their opinion to the
supplemental schedules indicated a lack of awareness of the unique
requirements of ERISA.
Conclusions and Recommendations
Conclusions
In spite of the actions taken by both PWBA and the
AICPA to enhance the quality of employee benefit plan audits, we have
reached an overall conclusion that there has been no statistical change in
the overall quality of plan audits from 1989 to 1992. The overall error
rate of audits that failed to comply with one or more of the established
professional standards continues to be unacceptably high at 19%. In
addition, the error rate pertaining to IQPA reports failing to meet
ERISA's reporting and disclosure requirements also remains unacceptably
high at 33%.
By examining the results of our review, we have further
concluded that:
the IQPAs that seem to have the most problems with
performing audits of employee benefit plans are those with less than 50
employees. In fact, our review disclosed that the smaller the firm, the
greater the incidence that there will be audit deficiencies;
the areas most often inadequately audited are those
areas that are unique to employee benefit plans. Where an audit area was
inadequately audited, the reason was more often than not that the IQPA did
not consider these unique areas at all and, therefore, performed no audit
work in these areas;
generally, IQPAs that fared the worst appeared to be
those that were the least informed about employee benefit plan audits.
Usually, these firms had done very little, if anything, to inform
themselves of the complexities of employee benefit plan audits, including
the auditing and reporting requirements of ERISA. In some cases, these
firms performed very little audit work at all, let alone in the area of
employee benefit plans which requires specialized knowledge and
experience; and
generally, larger IQPAs performed better audit work
than the smaller firms. Judging by the respective failure rates by size of
firm, we believe that larger firms do not fail as frequently because they
have more resources at their disposal. In addition, the larger the firm in
our sample, the more likely the firm was to employ audit specialists who
were available to answer complex questions and to render any other
assistance that was needed.
Recommendations
Based upon our results and conclusions, we believe that
improvements are still needed to improve the quality of employee benefit
plan audits. Accordingly, we believe the following actions will further
improve the quality of these audits.
Legislative Initiatives
In response to an OIG recommendation, DOL has over the
past seven years worked toward enactment of legislation aimed at
strengthening the quality of plan audits. Since 1990, a number of bill
have been introduced to Congress based on DOL proposals in this area.
Legislation to strengthen the quality of plan audits was submitted to the
104th Congress and was introduced as the "Pension Audit Improvement
Act of 1995" (S.1490, December 20, 1995). The AICPA has expressed its
support of this legislation. On January 16, 1997, the Comprehensive
Pension and Retirement Security Act of 1997 (H.R. 83) was introduced in
the House of Representatives by Congressman Schumer (D- NY). This bill is
similar to the S.1490. On January 22, 1997, the Retirement Security Act of
1997 (S. 14) was introduced in the Senate by Senator Daschle (D-SD). This
bill contains over 30 provisions and is significantly different from
S.1490 and H.R. 83 in that it would not require the direct reporting of
serious ERISA violations to the Department of Labor and would repeal the
limited-scope audit exception for audits of pension plan plans only. In
order to ensure that pension funds are adequately safeguarded:
PWBA should continue to support the enactment of
legislation to improve the quality of employee benefit plan audits by
correcting the factors contributing to the poor quality of such audits.
PWBA should continue to monitor IQPA compliance with
professional standards to determine whether additional legislative
authority over IQPAs or other reforms may be appropriate.
Education, Technical Training and Guidance
PWBA should continue outreach efforts with state CPA
societies, the AICPA and other professional organizations to provide
technical training to IQPAs and other plan professionals;
PWBA should consider developing materials designed to
educate plan administrators about hiring a competent plan auditor. Such
materials could be in the form of a question and answer pamphlet.
Educating plan administrators is important because they need to understand
the importance of the audit requirement and that they have the ultimate
responsibility for the accuracy and completeness of the plan's annual
report filing;
The AICPA should assess the effectiveness of peer
review programs in highlighting weaknesses in the quality of employee
benefit plan audits. The fact that some practitioners who received an
"unqualified" peer review but were deemed to have performed
deficient audit work is indicative that the peer review process may not be
highlighting all audit deficiencies. The AICPA should explore changes to
its peer review program so that practitioners receiving
"unqualified" opinions are in fact meeting the minimum
professional standards regarding employee benefit plan audits. PWBA should
encourage and assist the AICPA with this effort;
PWBA should work with the AICPA to develop educational
materials for peer reviewers to use when they are conducting peer and
quality reviews of employee benefit plan audits. Ultimately, the peer
review is only as good as the individual(s) performing the review.
Equipped with relevant knowledge regarding the uniqueness of employee
benefit plan audits, peer reviewers will better be able to identify
deficient audit work; and
The AICPA should encourage the development of a series
of smaller, regional employee benefit plan accounting and auditing
training conferences designed to attract the small to medium size IQPA
firms. While the AICPA has developed a very successful annual employee
benefit plans update conference, it may not be convenient or cost
effective for many smaller practitioners to attend. A regionally based
conference may attract more of the necessary target audience - small to
medium size IQPA firms performing a limited number of employee benefit
plan audits.
Reporting Compliance Activities
OCA should revise the criteria for targeting cases to
identify a greater number of plan filings with audits performed by small
to medium size IQPA firms. Currently, targeting is based on factors which
do not relate to the size of the IQPA firm;
For targeted filings which exhibit GAAS reporting
deficiencies, OCA should consider requesting copies of the audit
workpapers as a means of verifying the adequacy of work performed by the
plan's IQPA. Our review noted that, in some cases, the IQPAs were
correcting reporting deficiencies identified in our desk reviews but were
not going back and correcting their underlying audit field work. Obtaining
copies of IQPA workpapers will help to broaden the scope of the desk
review process which currently focuses only on compliance with GAAS
reporting violations;
OCA should consider the feasibility of a program to
review subsequent audit work products performed by IQPAs whose work has
been judged to be deficient. To date, PWBA's on-site workpaper reviews
have focused on obtaining compliance in the current period without
determining whether subsequent audits also contain deficiencies. This
would be similar to the disciplinary action taken by the AICPA's
Professional Ethics Division which also requires a review of subsequent
work products to ensure continued compliance with professional auditing
standards;
OCA should modify its current program of on-site
workpaper reviews at IQPA offices. Using information developed as part of
this review, PWBA should revise the criteria used to identify those plans
targeted for review focusing its efforts primarily on small to medium size
firms;
PWBA should consider including the name and employer
identification number (EIN) of the plan's IQPA on the Form 5500,
regardless of whether or not the IQPA is compensated by the plan. This
will enhance PWBA's ability to identify and target IQPAs who are
performing deficient professional work by targeting specific IQPAs in
instances where PWBA believes deficient work has been performed;
To improve compliance with ERISA's reporting and
disclosure requirements, OCA should continue to identify and reject those
plan filings which do not meet ERISA's reporting and disclosure
requirements with respect to supplemental schedules;
PWBA should consider establishing a "help
desk" as part of its redesign of the Form 5500 processing system.
This "help desk," staffed with trained OCA personnel, would be
available to answer questions from filers regarding initial rounds of
correspondence generated by PWBA's automated processing system;
PWBA should reassess the resources devoted to enforcing
ERISA's reporting and disclosure requirements as part of the formulation
of the agency's annual budget. Consideration should be given to any new
requirements and programmatic issues related to the new processing system
for Form 5500 reports. Based on this assessment, approximately 12,000 plan
audits contain one or more GAAS deficiencies. Current OCA staffing levels
do not provide the necessary resources to adequately target and review
deficient plan audits. OCA's staffing level will be further eroded by its
commitment to conduct educational outreach and other filer technical
assistance efforts; and
OCA should consider performing another statistical
study in a few years to once again assess whether the quality of employee
benefit plan audits has improved as a result of the increased technical
guidance, self-study educational courses, training conferences and PWBA
outreach programs that are available to practitioners today. Additionally,
a future statistical study would enable PWBA to assess whether it has met
its outcomes and objectives, improved its performance, and increased its
results as required under GPRA.
Appendix I
Compliance With
Generally Accepted Auditing Standards
The framework of GAAS is contained in 10 professional
standards consisting of three categories: three general standards; three
field work standards; and four reporting standards.
In our assessment of 262 audit engagements, we found
that 212 (81%) audits complied with established professional standards.
These audits were well planned, the audit workpapers contained specific
audit programs for employee benefit plan audits and the practitioners had
obtained the necessary technical materials and knowledge to adequately
plan and perform the audit engagement. These audits also contained an
adequate review of the plan's internal control structure and sufficient
evidential matter to support the opinion rendered on the plan's financial
statements.
However, our review disclosed that in 50 (19%) audits,
the IQPA's performance failed to meet one or more of the 10 professional
standards. This appendix discusses in detail the deficiencies identified
in each of the 10 professional standards for the 50 failed audits.
General Standards
Generally accepted auditing standards contain three
general standards. These general standards are intended to describe
desirable traits and characteristics of individuals performing the audit
engagement.
Technical Knowledge
The first general standard states that:
the examination is to be performed by a person or
persons having adequate technical training and proficiency as an auditor.
This standard is designed to ensure that the auditor
has adequate knowledge of the technical area being audited (i.e., employee
benefit plans) and the ability or proficiency to apply such knowledge to
the audit engagement.
Of the 50 audits, we determined that 18 (36%) audits
contained enough GAAS deficiencies for us to conclude that the auditor did
not possess adequate technical training or proficiency to perform the
engagement. We concluded that practitioners making a significant number of
errors ultimately did not possess the necessary technical competence
contemplated under GAAS to perform the audit engagement.
Independence
The second general standard states that:
in all matters relating to the assignment, an
independence in mental attitude is to be maintained by the auditor or
auditors.
The auditor has a unique responsibility to users of
financial statements, because the users are relying on the work of the
auditor to verify the information presented in the financial statements.
Implicit in this responsibility is that the auditor be independent of the
entity being audited.
Our review disclosed no cases where the auditor's
independence was violated with respect to the audit of the employee
benefit plan.
Due Professional Care
The third general standard states that:
due professional care is to be exercised in the
performance of the examination and the preparation of the report.
The purpose of this standard is to recognize that
auditors need to be diligent and conscientious in performing their duties.
Of the 50 audits, we believe that 22 (44%) audits
contained deficiencies significant enough for us to conclude that the
auditors had not exercised due professional care in conducting the audit
engagement. We came to this conclusion because the auditor is ultimately
responsible for observing the other nine standards contained in GAAS. In
these cases, the auditors usually demonstrated significant violations of
several other field work or reporting standards. Similar to our
conclusions regarding technical knowledge, practitioners exhibiting
significant numbers of GAAS deficiencies were deemed not to have exercised
due professional care with respect to the conduct of the audit engagement.
Indicative of this were four audit engagements where we concluded that the
auditor had failed almost every GAAS requirement relating to audit
planning, internal control evaluation and obtaining competent evidential
matter to support their opinion on the financial statements.
Standards of Field Work
Under GAAS there are three standards of field work.
These standards are designed to provide plan auditors with a basis for
judging the fairness and quality of the plan's financial statements. In
relation to the entire audit engagement, the field work standards could be
viewed as the core of the audit process. Our review disclosed that in 44
of the 50 cases it was noted that the IQPA failed to perform work in one
or more relevant audit areas relating to the field work standards.
Planning and Supervision
The first standard of field work states that:
the work is to be adequately planned and assistants, if
any, are to be properly supervised.
The purpose of this standard is to recognize the
difficult nature of an audit and to highlight that the successful
completion of the audit engagement is dependent on proper planning. The
standard also requires that all personnel working on the audit engagement
be properly supervised.
This is amplified in the AICPA's Audit and Accounting
Guide, Audits of Employee Benefit Plans. Chapter 5, Planning, paragraph
5.06 states:
...the planning process involves the development of an
overall strategy for the expected conduct of an audit.....
Of the 50 plan audits with GAAS deficiencies, 11 (22%)
of the audits demonstrated deficient work with respect to the planning and
supervision of the engagement. Three audits contained no evidence that any
audit planning was done by the IQPA. Additionally, eight audits contained
planning work which was deemed to be insufficient or inadequate.
Inadequacies in the planning work performed by IQPAs included:
lack of a specific audit program tailored to the audit
of the employee benefit plan;
failure to determine the operations of the plan or
current developments affecting the plan; and
failure to obtain and review such relevant documents
as: plan agreements, Summary Plan Descriptions, annual reports, investment
advisor agreements, etc.
Most of the deficient audits were performed by IQPAs
with approximately 30 or less employees. Of these, five firms had less
than five employees. We also noted that in the 11 engagements where
inadequate planning occurred, there were other significant GAAS
deficiencies as well. We believe this demonstrates that the failure to
adequately plan and supervise the audit engagement directly affects the
quality of work in other important areas of the audit process.
Internal Control Structure
The second standard of field work states that:
a sufficient understanding of the internal control
structure is to be obtained to plan the audit and to determine the nature,
timing, and extent of tests to be performed.
Internal controls assist plan management in recording,
summarizing and reporting relevant information contained in the financial
statements of the plan. By understanding the plan's internal control
structure, the auditor is able to determine the nature, timing and extent
of relevant audit procedures that need to be applied in the audit of the
plan's financial statements.
Further guidance is contained in the AICPA's Audit and
Accounting Guide, Audits of Employee Benefit Plans. Chapter 6, Internal
Control Structure, paragraph 6.09, states, in part, that:
the auditor should document the understanding of the
plan's internal control structure elements obtained to plan the audit.
Of the 50 audits, 11 (22%) audits evidenced either no
work or significantly inadequate work with respect to obtaining a
sufficient understanding of the plan's internal control structure.
Eight audits contained no evidence in the audit
workpapers regarding a review of, or reliance on the plan's internal
control structure;
Three audits contained inadequate workpaper
documentation with respect to review/reliance on the plan's internal
control structure. In these cases, discussions with the IQPA indicated
some internal control work had been performed as part of the audit
engagement, but the results of the work had not been documented; and
Six audits exhibited an inadequate review and
understanding of the plan's internal control environment. In these cases,
the IQPA failed to perform adequate audit work in six or more relevant
audit areas. These six audits were also performed by small to medium size
IQPAs and five of these firms had five or less employees.
We believe that an adequate internal control
environment helps ensure that the plan is operated in accordance with
established provisions, plan assets are protected, and participants
receive the benefits due to them. The IQPA's failure to study and document
the plan's internal control structure impacts not only the audit
engagement, but also potentially the plan's ability to protect assets and
ensure the payment of benefits.
Sufficient Competent Evidential Matter
The third standard of field work states that:
sufficient competent evidential matter is to be
obtained through inspection, observation, inquiries, and confirmations to
afford a reasonable basis for an opinion regarding the financial
statements under examination.
This standard requires that the auditor obtain
sufficient credible information during the course of the audit in order to
reach a conclusion as to the reliability of the plan's financial
statements. This standard can be viewed as the core of the audit
engagement. The knowledge obtained and information gathered during this
phase of the audit provides the basis for the IQPA's opinion on the plan's
financial statements. Inadequate work in this area may result in the IQPA
reaching the wrong conclusion as to the fairness of the plan's financial
statements.
To assess whether the audits in our sample contained
sufficient competent evidential matter, we analyzed work performed in the
following 11 areas (i.e., relevant audit areas):
Investments;
Contributions;
Benefit Payments;
Participant Data;
Plan Obligations;
Prohibited Transactions;
Tax Status;
Commitments/Contingencies;
Administrative Expenses;
Subsequent Events; and
Plan Representations.
The AICPA's Audit and Accounting Guide, Audits of
Employee Benefit Plans , Chapters 7 through 12, contains specific audit
objectives and recommended audit procedures for these relevant audit
areas.
Of the 50 audits which contained GAAS deficiencies, 42
(84%) had deficiencies with respect to obtaining sufficient competent
evidential matter. Except for administrative expenses, all of the other
areas we analyzed had an overall failure rate of at least 22%.
Of the 42 audits which had deficiencies with respect to
sufficient competent evidential matter, 22 (52%) audits contained
deficiencies in four or more of the relevant audit areas noted above.
One practitioner we visited had performed little or no
work in many of the areas listed above. When questioned about the lack of
work, the practitioner said his audit fee was $750 and, therefore, he
performed only $750 worth of audit work. In another case, an auditor
performed almost no audit work believing that the limited scope audit
exemption only required that the auditor obtain a certification from the
bank. In this case the IQPA essentially performed no additional audit
work.
Participant Data, Plan Obligations, Benefit Payments
and Prohibited Transactions
These four areas resulted in the most number of audit
failures, primarily because information relating to participant data, plan
obligations and benefit payments are somewhat inter-dependent.
Additionally, these areas of audit are unique to employee benefit plans
and, therefore, an auditor with limited employee benefit plan experience
may not be aware of the significance involved with these areas.
Of the 50 audits, 39 (78%) were deemed to have failed
one or more of these unique audit areas. Once again, this was due to the
fact that the practitioner performed little or no work in these areas.
With respect to prohibited transactions, typically the audit program used
by the auditor did not address the area of prohibited transactions. Taken
individually, these areas were failed at a greater rate than any of the
other audit areas.
Specifically, of these 39 audits, we noted that 14
audits failed three or more of these unique audit areas. Three of these
unique areas are interrelated (i.e., participant data, plan obligations
and benefit payments). We noted 23 instances wherein the IQPA failed to
perform sufficient work related to participant data. Furthermore, we noted
that in 17 of these 23 instances the IQPA also failed to perform
sufficient work in the area(s) of benefit payments and/or plan
obligations.
Tax Status
Of the 50 audits, 15 (30%) audits failed to address the
tax status of the plan. Once again, the failure in this area resulted
because the auditor failed to perform any work in this area. We noted that
in most cases, the audit program contained no specific audit procedures
relating to the tax status of the plan.
Investments
Of the 50 audits, 10 (20%) contained failures with
respect to audit work performed in the area of investments.
The insufficient audit work in this area consisted of:
four full scope audits in which the auditor did not
test fair market valuations, investment transactions or authorizations for
investment transactions; and
six limited scope audits pursuant to DOL regulations in
which the auditor did not obtain the proper certification from the bank or
insurance company or the certification did not cover all of the plan's
assets.
Contributions
Of the 50 audits, 11 (22%) audits contained failures
with respect to audit work relating to contributions.
The insufficient audit work in this area consisted of:
seven audits of multiemployer plans where the auditor
failed to perform adequate work related to the contributions received from
contributing employers; and
three audits of participant directed plans where the
auditor did not trace the allocations of employee contributions to the
investment options selected by participants.
Plan Representations
Of the 50 audits, 11 (22%) audits involved
practitioners who failed to obtain client representations. Statement on
Auditing Standards (SAS) No. 19, Client Representations, establishes a
requirement that the independent auditor obtain written representations
from management as part of an audit performed in accordance with generally
accepted auditing standards.
We find the failure rate in this area especially
egregious because GAAS specifically requires the plan auditor to obtain
client representations in order to issue an unqualified opinion on the
financial statements. Reasons for the failure to obtain client
representations included: an auditor not believing these were needed and,
in two cases, auditors claiming they had obtained, but subsequently lost,
representation letters.
Standards of Reporting
Under GAAS there are four standards of reporting. The
objective of an audit of financial statements of an employee benefit plan
is the expression of an opinion by an auditor on the fairness with which
the plan's financial statements present, in all material respects, the
financial position of the plan and its operations in conformity with GAAP.
The standards of reporting require the auditor to state whether, in the
auditor's opinion, the financial statements are presented in conformity
with GAAP and to identify those circumstances in which GAAP has not been
consistently observed.
Of the 50 audits, our review disclosed 11 (22%)
instances wherein the IQPA failed to adhere to one or more of the four
established standards of reporting.
First Standard of Reporting
The first standard of reporting states that:
the report shall state whether the financial statements
are prepared in accordance with GAAP.
The phrase "generally accepted accounting
principles" is a technical accounting term that encompasses the
conventions, rules, and procedures necessary to define accepted accounting
practice at a particular time. It includes not only broad guidelines of
general application, but also detailed practices and procedures. These
conventions, rules, and procedures provide a standard by which to measure
financial presentations. The AICPA's Audit and Accounting Guide, Audits of
Employee Benefit Plans, Chapters 2 through 4, establishes GAAP for
employee benefit plans and prescribes the general form and content of the
financial statements of these plans.
In five instances, it was noted that the plan's
financial statements were not presented in accordance with GAAP. However,
the IQPA failed to reflect the departure from GAAP in their report. The
five exceptions included:
one instance in which the financial statements of the
plan were materially misstated due to the failure of the IQPA to determine
whether the plan recorded an adjusting journal entry. The financial
statements of the plan presented cash (the only plan asset) in the amount
of $33,114. However, the amount of cash reported on the plan's financial
statements should have been $21,834 thereby resulting in an overstatement
in the plan's financial statements in the amount of $11,280;
one instance in which the financial statements of a
defined benefit pension plan failed to include information regarding the
actuarial present value of accumulated plan benefits and changes in
accumulated plan benefits as required by the Financial Accounting
Standards Board Statement of Financial Accounting Standards No. 35,
Accounting and Reporting by Defined Benefit Pension Plans; and
three instances where the IQPA failed to disclose in
the auditor's report that the plan's financial statements were prepared on
a comprehensive basis of accounting other than GAAP and failed to express
an opinion on whether the plan's financial statements were presented in
conformity with the other comprehensive basis of accounting used.
Second Standard of Reporting
The second standard of reporting states that:
the report shall identify those circumstances in which
GAAP has not been consistently observed in the current period in relation
to the preceding period.
The objective of the consistency standard is to ensure
that auditors appropriately reflect in their audit report when the
comparability of financial statements between periods has been materially
affected due to changes in accounting principles.
During our review, we did not note any instances where
plan auditor's failed to comply with this reporting standard.
Third Standard of Reporting
The third standard of reporting states that:
informative disclosures in the financial statements are
to be regarded as reasonably adequate unless otherwise stated in the
report.
The AICPA's Audit and Accounting Guide, Audits of
Employee Benefit Plans , Chapters 2 through 4, sets forth certain footnote
disclosures that should accompany the financial statements for employee
benefit plans.
Of the 50 audits, we noted five instances where the
IQPA failed to comply with the third standard of reporting by failing to
appropriately modify their audit report to reflect the lack of adequate
footnote disclosures. Missing footnote disclosures included:
the identification of investments that represent five
percent or more of the plan's net assets available for plan benefits;
information as to whether or not the plan has received
a favorable tax determination ruling from the IRS;
the priorities upon termination of the plan;
the basis for determining contributions to the plan;
the funding policy of the plan; and
information regarding the method and significant
assumptions used to determine the actuarial present value of the plan's
accumulated plan benefits as required by the Financial Accounting
Standards Board Statement of Financial Accounting Standards No. 35,
Accounting and Reporting by Defined Benefit Pension Plans.
Additionally, in one instance, we noted that the
financial statements of a defined contribution plan lacked all footnote
disclosures.
Fourth Standard of Reporting
The fourth standard of reporting states that:
the report shall either contain an expression of
opinion regarding the financial statements, taken as a whole, or an
assertion to the effect that an opinion cannot be expressed. When an
overall opinion cannot be expressed, the reasons therefor should be
stated. In all cases where an auditor's name is associated with financial
statements, the report should contain a clear-cut indication of the
character of the auditor's work, if any, and the degree of responsibility
the auditor is taking.
The objective of the fourth standard of reporting is to
prevent misinterpretation of the degree of responsibility the auditor is
assuming when his name is associated with financial statements. Reference
in the fourth standard to "taken as a whole" applies to
financial statements that are presented for one or more periods.
Of the 50 audits, we identified five instances where an
IQPA failed to comply with the fourth standard of reporting. In these
instances, it was noted that while the plan's financial statements were
presented on a comparative basis, the IQPA failed to report on all years
presented as required by the fourth standard of reporting.
Appendix II
Compliance With ERISA's
Reporting and Disclosure Requirements
In addition to conforming with and adhering to GAAP and
GAAS, respectively, the report of the IQPA must also meet certain ERISA
reporting and disclosure requirements. ERISA section 103(a)(3)(A) and DOL
regulation 29 CFR 2520.103-1(b) set forth these reporting and disclosure
requirements. These reporting and disclosure requirements were enacted to
ensure that users (the federal government and plan participants and
beneficiaries) were being provided with necessary information that may
alert them to instances which could adversely impact the operation of the
plan (e.g., fiduciary breaches) and/or its ability to pay plan benefits
when due (e.g., losses from imprudent investments).
Non-compliance With ERISA's Reporting and Disclosure
Requirements
Our review disclosed that, in the 267 audits reviewed,
88 (33%) IQPA reports failed to comply with one or more of ERISA's
reporting and disclosure requirements.
Of the 88 reports identified, the area(s) of
non-compliance were as follows:
Five (6%) IQPA reports did not pertain to the plan.
Four of these reports pertained to the trust and one report pertained to
the investment entity (i.e., insurance company). Accordingly, the subject
plans had not had an audit as required pursuant to ERISA;
Forty-nine (56%) IQPA reports failed to extend to one
or more of the required supplemental schedule(s). These supplemental
schedules are to be attached to the plan's Form 5500 Annual Report.
ERISA's reporting and disclosure requirements specifically require that,
where these schedules are to be attached to the Form 5500 Annual Report,
the report of the IQPA must also extend to such schedules;
In 19 (22%) instances, the required supplemental
schedules failed to include all the necessary information pursuant to
ERISA's reporting and disclosure requirements. The area of greatest
non-compliance was due to the failure to include "participant
loans" and/or "cost" information on the schedule of assets
held for investment;
In four (5%) instances, it was noted that the IQPA's
audit was inappropriately limited. In these instances, the IQPA stated in
their report that the scope of their audit was limited pursuant to DOL
regulation 29 CFR 2520.103-8. However, the financial institution holding
the plan's assets did not qualify for such treatment as it was not a bank,
or similar institution, or an insurance company;
In six (7%) instances, it was noted that the scope
limitation provided for in DOL regulation 29 CFR 2520.103-8 was
inappropriately applied. The scope limitation pertains only to investments
held and investment related transactions (e.g., buys, sells, gains,
losses). However, in the instance noted, the limitation was
inappropriately applied to other financial areas such as benefit payments
and contributions;
In 20 (23%) instances, it was noted that the statement
of net assets available for plan benefits was not presented in comparative
format as required by ERISA's reporting and disclosure requirements;
In seven (8%) instances, it was noted that the
footnotes to the plan's financial statements failed to include a
"reconciling footnote." ERISA's reporting and disclosure
requirements require that an explanation of the differences, if any,
between the financial information contained in the separate financial
statements and reported on the Form 5500, be reconciled in the footnotes
to the plan's financial statements. In the instances noted, such a
reconciliation was not included in the footnotes to the plan's financial
statements; and
In two (2%) instances, it was noted that while the
statement of net assets was presented in comparative format, such
statement was not presented as of the beginning and end of the plan year
as required by ERISA's reporting and disclosure requirements. In one
instance the plan was merged with another plan effective 1/01/92. However,
the financial statements for plan year ended 12/31/91 were restated to
combine both plans. The plan year 1991 financial statements should not
have been combined. In the other case, plan year 1992 financial statements
were presented as of 1992 and 1993, instead of as 1991 and 1992.
While actions taken by PWBA and the profession over the
past years have achieved a reduction of approximately 50% in the overall
error rate (65% to 33%), the current error rate of 33% calls for
continuing efforts in this area. The filing public, as well as IQPAs, must
be well informed about ERISA's reporting and disclosure requirements and
PWBA must continue to take necessary enforcement actions against plan
administrators who fail to meet these requirements.
Appendix III
Voluntary Feedback By IQPAs
In this era of reinvention and in an effort to provide
better customer service, OCA provided a feedback questionnaire to
practitioners selected for review. The questionnaire provided for
practitioners to assess/rate DOL on a scale of one (strongly disagree) to
five (strongly agree) in the following areas:
the conduct of the DOL representative performing the
on-site workpaper review;
the sufficiency of professional guidance and training;
and
the understandability of the Form 5500 and its related
Instructions.
In addition, the questionnaire allowed the
practitioners to provide any other additional comments or concerns they
may have directly to the Chief Accountant of the PWBA.
A total of 114 responses were received from
practitioners. The individual scores were compiled to arrive at an overall
score for each feedback question.
U.S. Department of Labor Representative
To assess the level of customer service being provided
by the DOL representative and to identify areas where improvement is
needed, IQPA firms were asked to rate the following:
The DOL representative thoroughly explained the purpose
and scope of the review of the firm's audit workpapers.
The overall score for this element was 4.63.
The DOL representative conducted an exit conference
wherein the results of the review of the firm's workpapers were adequately
discussed.
The overall score for this element was 4.62.
Where deficiencies were identified, the DOL
representative adequately discussed corrective actions to be taken to
bring the plan's filing into compliance.
The overall score for this element was 4.63.
Overall, we believe these scores demonstrate an
excellent level of customer service.
Sufficiency of Professional Guidance and Training
In order to assess the sufficiency of professional
guidance and training for IQPAs conducting audits of employee benefit
plans and to identify areas where such may be lacking, IQPA firms were
asked to rate the following:
Sufficient professional guidance (e.g., audit and
accounting guides) exists with respect to accounting and reporting for
employee benefit plans.
The overall score for this element was 3.86.
Sufficient training programs (e.g., continuing
professional education courses) exist with respect to accounting and
reporting for employee benefit plans.
The overall score for this element was 3.58.
Sufficient guidance exists with respect to reporting
and disclosure requirements pursuant to ERISA's reporting and disclosure
requirements.
The overall score for this element was 3.42.
In addition, practitioners took the opportunity to
provide OCA with the following additional comments and concerns:
Most of the guides followed are prepared internally as
outside literature is not as clear. Accordingly, as a member of a smaller
firm, finding resources which provide clear and understandable guidance
may be more difficult;
More specific guidance and training is needed in the
multiemployer plan area;
Improved guidance on assessing audit requirements for
health and welfare plans is needed given the various manners in which
these plans are accounted for;
More continuing professional education courses on
employee benefit plan are needed; and
DOL should consider developing a question and answer
guide addressing certain areas of audit that are confusing. This would
serve the auditors and users greatly in lessening confusion and bringing
down costs to employers.
Overall, while the present guidance could be improved
and expanded in certain areas, we believe that the above scores
demonstrate that sufficient guidance and training is available to
practitioners conducting audits of employee benefit plans. However, it is
recommended that the DOL continue to work in conjunction with the
profession in addressing areas where more specific guidance may be lacking
(i.e., multiemployer plan area).
Form 5500 and Related Instructions
To enable DOL to determine whether the failure rate to
comply with ERISA's reporting and disclosure requirements may be
attributable to the complexity in completing the Form 5500, OCA asked
IQPAs to assess whether the Form 5500 and related Instructions are clear
and understandable. The overall score for this element was 2.90.
In addition, IQPAs provided OCA with the following
additional comments and concerns:
Some IQPAs expressed difficulty in sorting through the
Form 5500 and supplemental schedule requirements due to the wide
divergence of application and interpretation in this area. In addition,
some IQPAs indicated that, while the Form 5500 and related instructions
are getting better as time goes by, the instructions still need
improvement. Finally, simplification of the reporting requirements would
probably improve compliance. At present, completing the Form 5500 is a
very time consuming and confusing process due to the various specialized
rules and reporting requirements for each of the three agencies using the
Form 5500 (i.e., DOL, IRS and PBGC);
The plan's financial statements and the Form 5500
should be prepared on the same basis of accounting (i.e., GAAP basis).
This would greatly assist the ease of preparation involved without losing
any important information;
Because the financial community and investment
accounting requirements place little value on historical cost information,
it is suggested that the requirement to report historical cost information
in the schedule of assets held for investment purposes be eliminated;
IQPAs need more communication regarding common
reporting deficiencies so proactive corrections can take place. A report
of the most common errors discovered by DOL resulting in rejection of the
Form 5500 would be helpful. In addition, more time should be given to
practitioners when corrective actions are to be taken;
While the AICPA audit guide is a good source for audit
guidance, ERISA's reporting and disclosure requirements in the guide are
not as clear as they could be; and
DOL should give IQPAs guidance on the
"independence" question as it relates to performing certified
audits and plan administration of the same client.
Based upon the above, we believe that the Form 5500 and
related Instructions could be improved. At present, DOL is considering
simplifying the Form 5500 for ERISA reporting and disclosure purposes and,
as such, some of the comments and concerns expressed by IQPAs would be
resolved.
Appendix IV
Sample Selection Methodology
In an effort to ensure a valid sample selection
methodology, PWBA engaged the firm of Mathematica Policy Research, Inc. (MPR)
to develop the sample selection. Our goal was to develop a sample that
could be extrapolated to the population as a whole in determining whether
or not the quality of employee plan benefit audits had improved since the
OIG's assessment.
The sample design for this effort was a stratified
cluster sample. The primary sampling units were zip code aggregates of all
eligible plans. The sample was drawn from a universe of 51,352 plans
wherein an IQPA report was filed along with the 1992 Form 5500 Annual
Report filing. However, the following groups of plans were excluded from
the sample universe:
Plans not covered by ERISA and plans sponsored by
one-person firms;
Plans with fewer than 100 participants;
Plans with no assets and plans holding all of their
assets in the form of cash which represent most unfunded welfare benefit
plans. However, funded welfare benefit plans were included in the sample
universe; and
Plans that were required by ERISA to file an IQPA
report with their Form 5500 Annual Report filing but failed to do so.
Although such plans are not in compliance with the reporting and
disclosure requirements of ERISA, such plans were excluded because there
would be no audit or audit workpapers to review.
The plans were then aggregated into primary sampling
units. The primary sampling units were geographically clustered plans
consisting of three individual plans. When a cluster was selected for the
sample, all three plans were reviewed.
To ensure that the sample allowed for late filers, the
sample was augmented. This was done because the exclusion of late filers
could be problematic as error rates may be correlated with filing
promptness. Accordingly, two cut-off dates were used to select the sample.
The first cut- off date was used to select the bulk of the sample since
this is when the majority of plan filings were expected to have been
processed. The second cut-off date was made at a time when essentially all
plan filings would have been received.
The sampling methodology resulted in a total of 276
plans initially selected for review. The first cut-off date yielded a
total of 221 plans with the remaining 55 plans being selected from the
second cut-off date.
Of the 276 plans selected for review, nine plans were
subsequently excluded due to the following reasons:
Six plans were under active investigation by PWBA
and/or involved in litigation with PWBA;
In two cases, OCA was unable to locate the plan (e.g.,
the request for access to the IQPA's workpapers was returned
undeliverable); and
In one case, an audit of the plan was not required.
Prior to OCA's review, the plan administrator amended the initial filing
by submitting a Form 5500C/R because the plan had less than 100
participants as of the beginning of the plan year. Accordingly, an audit
of the plan was not required under ERISA.
Additionally, while not excluded from the sample
universe, OCA subsequently noted that five plans had attached the report
of an IQPA. However, the IQPA's audit report did not pertain to the plan
(e.g., the wrong entity was audited). Accordingly, while not in compliance
with the reporting and disclosure requirements of ERISA, OCA was unable to
formulate any judgements with respect to the quality and level of audit
work performed for these five audits.
Since our result is based on a sample of plans, the 19%
error rate is an estimate of the true percentage in the population of
51,352 plans filing an auditor's report. Based on our sample we can be 95%
certain that the true rate lies between 10.9% and 27.1%. Combining this
confidence region with an approximate confidence region around the OIG's
estimate of 23%, we are unable to reject the null hypothesis that the true
rate has remained unchanged since the time of the OIG's study. Thus, the
fact that the point estimate in 1992 is lower than the point estimate in
1989 is suggestive that the true rate has declined in recent years.
However, we cannot definitively rule out the possibility that the apparent
decline is an artifact of sampling variation. Accordingly, we cannot
conclude from a statistical standpoint that the quality of employee
benefit plan audit work pertaining to the 1992 filing year has improved
since the OIG's study.
Appendix V
Strengthening the Quality of Plan Audits
AICPA Comments
March 28, 1996
Mr. Ian Dingwall
Chief Accountant
Pension and Welfare Benefits Administration
U.S. Department of Labor
200 Constitution Avenue, N.W.
Washington, D.C. 20210
Dear Mr. Dingwall:
The American Institute of Certified Public Accountants
(AICPA) appreciates the opportunity to comment on the Pension and Welfare
Benefits Administration (PWBA), Office of Chief Accountant's (OCA) report,
"Assessment of the Quality of Employee Benefit Plan Audits."
With the PWBA, we will bring additional improvements in this area and
strengthen the quality of employee benefit plan audits.
We are pleased to have joined with the PWBA in crafting
legislation, the Pension Audit Improvement Act of 1995 (S. 1490), which
was introduced in the United States Senate at the request of the
Department of Labor. The AICPA has been on record since 1978 supporting
repeal of the limited scope audit exemption which currently allows the
plan administrator to exclude plan assets held in a common or collective
trust or separate trust maintained by a bank or similar institution from
the scope of the independent audit. When this occurs, in virtually all
cases, the auditor will conclude that this is a significant limitation on
the scope of his or her audit and will not express an opinion on the
overall fairness of the financial statement presentation. This disclaimer
of an opinion gives no assurance to plan participants on whether the
financial statements are presented fairly in conformity with generally
accepted accounting principles.. We also believe that the legislation will
provide the Department with more timely notification of serious ERISA
violations that may adversely affect plan assets available to pay benefits
to workers and retirees.
As noted in the PWBA report, the AICPA, working with
the PWBA, has made a concerted effort to improve the guidance and training
available to auditors of employee benefit plans. They include revising the
AICPA Audit and Accounting Guide for Audits of Employee Benefit Planssk
alerts, conducting annual national conferences on employee benefit plans,
developing continuing professional educational courses and technical
checklists, and issuing accounting and auditing pronouncements aimed at
improving plan financial reporting and providing guidance for plan
auditors.
The PWBA's findings of any substandard audit quality
with respect to employee benefit plan audits are a matter that the AICPA
takes very seriously. We continue to encourage the PWBA to refer all cases
of alleged substandard audits to the AICPA's Professional Ethics Division
for investigatory and disciplinary action.
Proposed Actions to Strengthen the Quality of ERISA
Audits
We have consulted with the PWBA on additional actions
the AICPA and PWBA can take to strengthen the quality of ERISA audits.
These actions include the following:
Communicating to AICPA members the findings noted in
the PWBA's report and the importance of ERISA audits.
Developing additional audit programs, manuals,
checklists, or other technical practice aids.
Strengthening additional technical support for auditors
through the AICPA technical hotline.
Offering additional training programs on employee
benefit plan audits.
Identifying ways the AICPA can work with state CPA
societies to enhance training opportunities in employee benefit plan
audits.
Improving the AICPA's peer review process relative to
ERISA audits.
Developing a guide for plan administrators to use in
selecting independent auditors.
Exploring the possibility of instituting an ERISA
specialization for independent auditors.
The AICPA is committed to strengthening the quality of
employee benefit plan audits, and looks forward to continued collaboration
with the PWBA on this important matter.
Sincerely,
Original was signed by Ronald S. Cohen
Chair
AICPA Board of Directors
|
