Armanino Blog

Benefit Plan Audit Management Letters: What You Need to Know

by Patrick Carvey
May 05, 2021

Did you know that if an auditor detects discrepancies or deficiencies while performing an employee benefit plan audit, the auditor will communicate these to the plan sponsor in a management letter included with the audit? Management letters detail internal control-related problems or the failure of plan sponsors to fulfill their fiduciary duties. It’s important to address any items listed in the management letter promptly. Otherwise, errors could magnify and become more problematic and costly in the long run.

Fiduciary-Related Matters

The Employee Retirement Income Security Act (ERISA) defines a fiduciary as a person who performs one of the following duties:

  • Exercises discretionary authority or control over the management of an employee benefit plan or the disposition of the plan’s assets
  • Advises on plan funds or property for a fee or compensation, or has the authority to do so
  • Has discretionary authority or responsibility in plan administration
  • Is designated by a named fiduciary to carry out fiduciary responsibility

According to the ERISA Prudent Person/Exclusive Benefit Rule, fiduciaries are required to “discharge their duties solely in the interest of plan participants and beneficiaries and for the exclusive purpose of providing benefits for them while defraying reasonable plan administrative expenses.”

More specifically, fiduciaries must perform their duties with the “care, skill, prudence and diligence of a prudent person under the circumstances.” Duties must also be performed “in accordance with the plan documents and instruments” and fiduciaries must diversify plan investments “so as to minimize risk of loss under the circumstances.”

While ERISA doesn’t specify a degree of concentration that would violate the diversification requirement, it does state that fiduciaries should consider a few specific factors when making investment decisions:

  • The portfolio’s composition with respect to diversification
  • The portfolio’s liquidity and current return relative to the plan’s anticipated cash flow requirements
  • The risk of loss associated with plan investments
  • The projected return of the portfolio relative to the plan’s funding objectives

Among the most common fiduciary duties of employee benefit plan sponsors are to review and reconcile plan statements, conduct investment team meetings, remit employee deposits on a timely basis, review plan investment options and performance, send required annual disclosure to plan participants, and follow the plan documents.

Some plan sponsors hire third-party administrators (TPAs) to perform some of these duties, such as sending out annual disclosures. However, it remains the sponsor’s fiduciary duty to ensure that disclosures are sent on time.

Fiduciaries should meet regularly and document the items discussed and actions taken. These responsibilities may fall to an individual, a plan investment committee or the plan sponsor’s audit committee.

Internal Control-Related Matters

Auditors are required to communicate to plan sponsors certain internal control deficiencies that are identified during an audit. These exist when the design or operation of a control does not allow management or employees to prevent, or detect and correct, misstatements on a timely basis. Internal control deficiencies can be categorized as one of the following:

Material weakness – This is a deficiency, or combination of deficiencies, in internal control in which there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.

Significant deficiency – This is a deficiency or a combination of deficiencies, that is less severe than a material weakness but important enough to merit attention by those charged with plan governance.

Deficiency in design or operation – Internal control deficiencies can be deficiencies in design or operation. A deficiency in design exists when a control necessary to meet the control objectives is missing or an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met. Meanwhile, a deficiency in operation exists when a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or competence to perform the control effectively.

Streamline Plan Audits

Carefully reviewing the management letter can yield additional benefits beyond addressing fiduciary- and internal control-related matters. Management letters often contain guidance and suggestions for improving plan policies and procedures and boosting efficiency.

For example, by reconciling employee deposits on a monthly or quarterly basis, you might be able to identify and correct errors before they’re spotted by the auditor. This can streamline the audit and potentially reduce audit costs.

Have Questions About the Health of Your Benefits Plan?

Whether you’ve received a benefit plan audit management letter or not, ensuring the integrity of the plan is your fiduciary duty. But fulfilling all the aspects of this responsibility can be challenging. Reach out to our Benefit Plan Audit experts today to learn more about how to keep your benefits plan financially healthy and strong.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Related News & Insights
3 Third-Party Risks That May Affect Your Bottom Line
Discover how contract management can benefit your bottom line and help you develop efficient vendor relationships.

October 10, 2022
How Royalty Audits Strengthen Your Bottom Line and Business Relationships
If you aren’t auditing your licensees, you’re probably leaving money on the table.

October 07, 2021
Updated June 26, 2023
Real Estate Companies Face New Privacy Regulations and Challenges
We provide an overview of the basics for effective privacy policies and practices.

June 02, 2021