Why Does a 401(K) Audit Cost So Much?

How much does a 401(k) audit cost? If you’ve recently been told your 401(k) plan needs an audit and you’ve never gone through the process before, you’re not alone—and you’re probably a little shocked by the price tag.

Once your plan crosses the 100-participant threshold, your recordkeeper or third-party administrator will send you a notice asking, “Do you have an auditor yet?”

When they hear the actual quote from a 401(k) plan auditor, the reaction is often disbelief. “How can it possibly be that expensive?” they ask. Especially when, in their view, most of the data is already available from their recordkeeper, third party administrator, custodian or trustee. If the information is already there, why can’t the auditor just write up a report and be done with it?

For a first time audit, there are always questions about why the process takes so long, why auditors need so much information and, of course, why is it so expensive? The reason, just like the audit, is complex.

Biggest Cost Drivers:

  • 401(k) plan auditors require specialized training and must follow an extensive set of rules set by the Department of Labor (DOL) and the IRS than other types of auditors are subject to.
  • Complex compliance requirements create the need for in-depth testing, with your auditor following up on any discrepancies, potentially resulting in a higher bill.
  • Audits found to be deficient must be corrected or even redone, creating more costs.
  • Both you and your auditor could be at risk of litigation in the case of fraud, which promotes even stricter due diligence requirements.

Complex Standards, Rules and Regulations

401(k) plan audits — especially the first one — often cost more than expected because of the time-intensive, multi-step process required to ensure an accurate and speedy audit.

Auditors who perform 401(k) plan audits require a great deal more specialized knowledge and training than a non-401(k) plan auditor so they can have a thorough understanding of compliance rules and the penalties for noncompliance. The 401(k) audit is an overall very meticulous and time-consuming process. Due to the specifics of 401(k) plan auditing, audit firms have to be selective in their hiring practices and must also ensure auditors undergo the required training and education on changing regulations.

While there are some similarities between a financial statement audit and a 401(k) audit, there are numerous differences that separate them. In a typical financial statement audit, an auditor can use “materiality” that they can’t with a 401(k) plan audit. Materiality is a concept that helps auditors determine where they should focus during an audit. If an auditor discovers that an account has $2 less than it should, they may not investigate it if it falls under the accepted threshold.

A compliance focused audit, however, doesn’t use materiality. Without materiality, if there’s a difference of just $2, your auditor must investigate it. There are legal issues involved because of the various federal regulations and legislation that make this requirement nonnegotiable.

401(k) plan audits are governed by several federal regulators, including the IRS, the Department of Labor (DOL) and the Pension Benefit Guaranty Corporation (PBGC). Auditors are also subject to audit standards and accounting rules and regulations. It’s also vital for your auditor to understand legislation such as the SECURE Act and SECURE 2.0 and their impact on plans.

In addition, each audit firm has their own standards for the process, which also impacts pricing. Some firms may want to dive a little deeper into testing or may test different areas than another firm. Firms are allowed to have different requirements because the auditing standards allow for “auditor judgment.” Cheaper firms may skip some of the more intensive testing, saving you dollars upfront, but the cost can come back to bite you later because they missed something.

Payroll Processing and Investment Options

Payroll processing is another area that an auditor must know, inside and out. As an auditor, they’re required to be very well versed in different third-party administrators and different payroll providers. Not only do they have to familiarize themselves with those providers’ processes, but your processes and how the two interact.

Depending on the types of investments within your plan, your auditor may need additional time to evaluate them. Many plans have all mutual funds or stocks, but some plans include real estate and even loans, which take more time. For their first time auditing your 401(k) plan, your auditor has no way of knowing exactly what’s in your plan until they begin working, especially when it comes to the intricacies of your payroll. 

Layered, In-Depth Testing

Testing is another layer driving the complexity of a 401(k) plan audit. If you’ve withheld $10 for a participant, your auditor will have to not only test that the $10 was put into the account, they also have to test to make sure that $10 itself was correct, that the money was taken in the first place and put into the plan the way the participant wanted. Is $10 correct, or did the participant request for only $5 to be withheld, or did they want $20 withheld? In short, your auditor is not only testing what happened, they’re testing for what should have happened, which is an altogether more complicated task. If what happened and what should have happened aren’t in agreement, that will add more time to your audit, increasing the cost in the process.

Intensive Documentation

Auditors are required to keep extensive records of their work. Your auditor will need to document every action they take and document your actions as well. At several points during the audit, your auditor will come to you requesting documents and the speed of your audit will depend on how quickly you can send them the correct records, so it’s important to keep consistent records.

Strict documentation is essential because the audit will likely be performed again next year, and it may have a different auditor assigned to it. The new auditor will use the work done the year before to better understand the plan and how it works, as well as the payroll processes. If that documentation isn’t present or detailed enough to be helpful, the audit will need to start from scratch, which is obviously not very cost-effective.

Multiple Rounds of Reviews

Another major reason for documentation is the many rounds of reviews that the final audit report goes through.

  • Internal Review – The report is reviewed internally by your audit firm to ensure the math adds up and to remove any spelling or formatting errors. The reviewer may ask the auditor to clarify or correct an error. If any documentation is missing, you or your TPA may be asked to provide it.
  • Peer Review – Audit firms are required to undergo peer review from another firm every three years. A successful peer review shows a firm’s quality of work, which is an important feature when it comes to selecting an auditor. When vetting different audit firms, you can ask if they’ve had a peer review. If not, that should be considered a red flag because it’s a standard requirement, not something optional.
  • Regulatory Agency Review – More serious than the previous two, in this review, the DOL or the IRS may review your audit after your final report is submitted. If the DOL completes the review and finds nothing out of order, you’ll receive a letter from them announcing the end of the review. Otherwise, the agency will highlight areas of your audit that need more action. In the worst-case scenario, the agency will call the audit deficient. Once an audit is deficient, it’s thrown out and doesn’t count, so you’ll be required to either work with your current auditor to fix it or find a new auditor and redo the entire process. If the DOL finds your audit truly insufficient, the firm or individual auditors can be reprimanded, resulting in serious, potentially career-ending consequences.

Risk of Litigation

The last level of review would be a court case. In this instance, something’s gone wrong, maybe there’s some type of fraud that’s taken place. For example, maybe the owner of the company has illegally taken funds from the employee benefit plan, but the auditor didn’t catch it and instead issued a clean audit opinion. Once the theft is discovered, the participants can sue the auditor in court for issuing a clean audit opinion when clearly there is evidence that funds were misappropriated. This is incredibly rare, but it is a potential risk and a reason why documentation is so important.

A good audit is a thorough one, and if you bear a fiduciary duty for your company’s 401(k) plan, you bear a legal responsibility toward your plan’s participants. Make sure the firm you hire knows what they’re doing, understands the unique requirements of EBP audits, and has the documentation to back it up. Because if that audit ever gets pulled — by a reviewer, regulator or court — you want it to pass.

For more information on how our 401(k) audit team can help, request a free consultation below to discuss your unique 401(k) audit needs. 

View all Blog Posts

Our firm provides this information for general educational guidance only and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Podcasts posted by Anders CPAs + Advisors are not intended to be used and cannot be used by any individual or business, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose. Please note that some content may be generated using artificial intelligence and is intended for educational and informational purposes only. In no way does listening, reading, emailing or interacting on social media with our content establish a professional relationship.