In Focus Resource Center > Insights

Does Your Company Need a 401k Plan Audit?

By Kyle Drost .

If a company’s 401k plan has 120 eligible participants on the first day of the plan year, an audit is required. Once an audit has occurred, the 401k plan must be audited every year after that until the eligible participant number drops below 100. An eligible participant is anyone who is an employee of the company who meets both the statutory IRS requirements and the requirements of the company’s 401k plan agreement at the beginning of the year. Even if they decide not to participate in the plan, these individuals are still considered eligible participants. Terminated employees who have balances in the 401k plan on the first day of the plan year are also included.

If a 401k plan audit is required, a company’s financial statements will need to be completed and submitted with Form 5500 to the IRS within seven months after the end of the month the plan year ends. If an extension is filed, Form 5500’s due date can be extended an additional two and a half months and allows the financial statement due date to be extended as well.

For example, if your 401k plan ends December 31st the audit would need to be completed by July 31st of the following year. If an extension is filed, the deadline would then move to October 15th of the following year.

What Auditors Review During a 401k Plan Audit

The auditor will perform procedures, as part of a 401k plan audit, related to the company’s documentation and compliance with plan provisions. The plan will also be reviewed to ensure it follows specific U.S. Department of Labor and IRS regulations. In addition, the plan’s financial statements, including disclosures, will be read and Form 5500 will be reviewed to make sure the financial information is reported correctly.

Common Errors

Plan Document Failures

These occur when the plan document is not created in accordance with government regulations. This failure can be the result of an unintentional error that stemmed from the way the document was originally written. It can also occur when amendments are made to the plan in response to a regulatory or statutory change but were not completed in a timely manner.

When a plan document failure is discovered in a 401k plan audit, modification of plan documents is usually required in addition to issuing any favorable correction to plan participants.

Plan Operational Errors

These arise either when a transaction is not in accordance with the plan document, the participant’s instructions, or when the plan fails the non-discrimination test and the timely corrective action is not taken. Some common operational errors include failure to admit participants into the plan when they become eligible, incorrect contribution amounts made to the participant’s accounts, and incorrect vesting percentages being used when distributions are made.

If an operational error is discovered during a 401k plan audit, the error should be corrected in a timely manner. The most common errors can be corrected through the IRS’ employee plans compliance resolution system. This system has three programs that can be used to correct the errors depending on the significance and timing of the error(s). The three programs are the self-correction program, the voluntary correction program, and the audit closing agreement program.

Ensure Plan Compliance

Strong internal controls are essential to ensure plan compliance. The plan sponsor should read and fully understand the plan document, take responsibility for the operations of the plan, and monitor all recordkeeping and other service providers.

Even if your company is under the 120 or 100 participant threshold for a 401k plan audit, implementing strong internal controls is very important. Even if a third-party administrator manages a small company’s plan, companies are still held accountable for ensuring the proper internal control measures are in place for the plan’s compliance. In order to familiarize themselves with their service providers, companies should obtain the System and Organization Controls (SOC) 1 report. This report describes the control structure of the third-party administrator and outlines the controls the plan sponsors should have in place (referred to as Complementary User Entity Controls within the SOC 1 report) for the third-party administrator’s controls to work properly.

Even if your company has a small plan (defined as less than 100 participants), and a 401k plan audit is not required, it is still very important that your plan is operating in strict accordance with the guidelines of the plan-related documents and that the plan complies with the U.S. Department of Labor and IRS regulations.

If you need help determining if your company requires a 401k plan audit or if your company is compliant, please contact our Employee Benefit Plan Audit Practice.

Our specialists are here to help.

Get in touch with a specialist in your industry today. 

* Required

* I understand and agree to Citrin Cooperman’s Privacy Notice, which governs how Citrin Cooperman collects, uses, and shares my personal information. This includes my right to unsubscribe from marketing emails and further manage my Privacy Choices at any time. If you are a California Resident, please refer to our California Notice at Collection. If you have questions regarding our use of your personal data/information, please send an e-mail to