Under scrutiny: are pension plans being audited properly?

• Author: Miller, Alex
• Position: Cover Story

Listen up. An individual's retirement is sacred. Remember the uproar when it became clear that most Enron employees' retirement had been wiped out? Our profession provides the public with a sense of security about their retirement.

[ILLUSTRATION OMITTED]

Generally, all pension plans with 100 or more eligible participants require an annual audit by a qualified CPA firm. In turn, firms, corporations and trust funds should be hiring qualified consultants, actuaries, attorneys and administrators to oversee these pension plans--and CPA firms to audit them.

A few years ago, the Office of the Chief Accountant-Employee Benefits Security Administration of the U.S. Department of Labor reviewed of a sample of plans that filed Form 5500 with an attached audit report for the year ended Dec. 31, 1992. The DOL found a 19 percent error rate, indicating that auditors failed to comply with one or more of the established professional standards.

The DOL has performed another review of employee benefit plans for the year ended Dec. 31, 2000, and even though the results are not final, it appears that there is not a marked improvement.

Employee benefit plan audits must be performed in accordance with professional standards and guidance and cover the full scope of audit procedures, not just an audit of the investment assets.

This article highlights important procedures related to audits of defined contribution plans, although many of the steps also would be applicable to defined benefit plan audits.

PLANNING AND THE PENSION AUDIT

During the planning phase of an employee benefit plan audit, the auditor normally should request the following information from the plan's administrator:

1) Access to the employee's census data for the plan year, including date of hire, termination date, hours worked, employee contribution and employer matching (if it applies). birth date and compensation.

2) A cumulative listing of all the participants' accounts for defined contribution plans, including 401(k) plans.

3) A cumulative trust statement from the financial institutions that hold the pension's trusts investments.

4) A listing of all participant loans and their activity during the year, along with the requirements to obtain a loan.

5) Access to the pensioner's files containing documentation for the monthly pension benefits that the participant is receiving, including the approval for the pension benefit.

6) The SAS 70 reports describing the internal controls for the service organizations that hold the pension fund investments, execute transactions and maintain the related accountability. Distinguish between a Type 1 report that documents internal controls and a Type 2 report that both documents and tests internal controls. A Type 2 report may be used to assess control risk below the maximum. Even though you as the auditor rely on the SAS 70 report for internal control purposes, it is still your ultimate responsibility to read the report and determine if the controls described apply to your client and to carefully evaluate any caveats.

In addition to the information requested from the administrator, the auditor should prepare a planning test scope worksheet to calculate and document the amount that will be considered material to the financial statements in planning the audit. (Note: the DOL considers any dollar amount material.) In addition, the auditor should analyze the change in the financial line items from the prior year's audited financial statements to this year's ending general ledger balances and indicate the assessed audit risk...