Responsibilities of 401(k) Sponsors

Sponsoring a 401(k) plan can bring tremendous value to your organization. Having a great benefits plan can boost the morale of your team members, for example, and improve your ability to attract and retain top talent.

Managing your 401(k) plan, however, can get more complicated.

Many companies fail to meet their basic responsibilities as plan sponsors. Whether you sponsor a large or small plan, your fiduciary responsibilities are the same. The Department of Labor (DOL) and Internal Revenue Service (IRS) both conduct examinations of 401(k) plan sponsors, so it is critical to understand and meet your responsibilities.

The Biggest Misconception of 401(k) Plan Sponsors

Many plan sponsors are overly reliant on third-party service providers, assuming that because they are paying a service provider to manage their plan, all of their responsibilities have been met. In reality, many 401(k) sponsors neglect their fiduciary duties, harming their employees and organization. Failing to meet regulatory requirements can lead to larger investigations from the IRS and the DOL, and cost you more money.

Fiduciary Responsibilities of Plan Sponsors

As a plan sponsor, you are responsible for managing your employees’ assets. The IRS and the DOL have published requirements on the fiduciary responsibilities of plan sponsors.

Some of the commonly overlooked requirements include:

  • Holding plan management meetings at least once per year to review the plan’s performance.
  • Reviewing quarterly statements to look for any inconsistencies that could indicate fraud.
  • Reviewing fees charged to the plan and its participants to ensure the fees are reasonable.

Your third-party provider can also help you understand your responsibilities. Just remember that hiring a third-party plan provider alone doesn’t ensure you are meeting your obligations; in fact, reviewing their work is part of your fiduciary responsibility.

Pitfalls Found During DOL and IRS Examinations

Government examinations are not the best time to discover problems with your plan. Understanding the problems that are typically found during an examination can help plan sponsors find and correct issues before they are revealed under examination.

For instance, many sponsors fail to meet document retention requirements, mistakenly assuming their third-party plan provider keeps all documents. When participants take a hardship distribution or borrow money from the plan, these activities must be documented, and records should be retained.

It is common for plans to fail to adequately define ‘compensation’ and ‘contributions,’ which leads to incorrect matching contributions that can create liability and interest for the plan sponsor. Many smaller plans have nondiscrimination issues, where plan contributions are unfairly top-heavy. Other plans mistakenly omit eligible employees. Management must notify employees when they become eligible and follow up on participation.

How Can Sponsors Correct Previous Mistakes and Become Compliant?

The DOL voluntary fiduciary correction program generally provides plan sponsors with the opportunity to self-report and correct problems before fines are assessed. The IRS and DOL are generally much more lenient regarding self-reported corrections than problems found under examination.

Regardless of the size of your plan, you have a fiduciary duty as the plan sponsor. While larger plans require audits that often identify problems during the audit process, smaller plans must also ensure that their fiduciary responsibilities have been met.

For more information regarding the responsibilities of 401(k) sponsors, get in touch with one of our 401(k) plan auditors.

Fewer Employee Benefits Plans Need Form 5500 Audits

To inspire more employers to offer retirement savings plans, a regulatory change has reduced the number of employee benefit plans required to obtain an audit report with Form 5500, “Annual Return/Report of Employee Benefit Plan.”

For plan years beginning on or after January 1, 2023, only plans that have 100 or more participants with account balances at the beginning of the plan year are now counted as a “large plan,” and therefore subject to audit requirements. Previous regulations specified that all eligible employees needed to be counted in determining whether a specific plan was large (whether or not they participated in the plan).

Reduced Administrative Burden and Costs

This change means fewer retirement savings plans will need to obtain a Form 5500 audit, saving them the cost and administrative requirements associated with an external audit.

Plans with fewer than 100 participants that have account balances will instead be able to file the Form 5500-SF. This form has fewer schedules and disclosure requirements than Form 5500.

In its Regulatory Impact Analysis, the U.S. Department of Labor estimated more than 19,000 of the nation’s 149,000 large plans, nearly 13%, would no longer be classified as large plans.

In addition to reducing administrative burdens and costs for smaller plans, the new threshold was designed to encourage more small businesses to offer retirement plans to employees.

The 80/120 Participant Rule Remains

The “80/120 participant rule,” which was not affected by the 2023 changes, offers an important exception related to Form 5500 filing requirements for employee benefit plans. The 80/120 rule allows plans with between 80 and 120 participants at the beginning of the plan year to file Form 5500 in the same category (large or small) as they did in the previous year.

Under this rule, a plan that filed as a small plan in the previous year can maintain that filing status until it reaches 121 participants. Similarly, any plan that filed as a large plan in the previous year can continue to file as a large plan until it drops below 100 participants.

The rule provides consistency and flexibility for plans hovering around the 100-participant threshold, allowing them to avoid switching between large and small plan status (along with the associated changes in filing requirements) from year to year.

Expected Changes for 2025 Filings

Looking ahead to the 2024 plan years, the Department of Labor is expected to make additional changes under the 2022 SECURE Act (known as SECURE 2.0) designed to simplify plan administration while making retirement plans more accessible and attractive to employees.

For instance, effective January 1, 2025, the definition of a Long-Term Part-Time employee is scheduled to change to include part-time employees who worked at least 500 hours in two consecutive years (rather than the three years required in 2024). This eligibility is determined by looking at hours worked since January 1, 2021.

While this change could expand the number of employees eligible to participate in a plan, the administrative cost is likely to be offset for many plans by the reduced “large plan” criteria outlined above.

Also starting in 2025, companies that request an extension for filing Form 5500 with the Department of Labor will be able to do so electronically, rather than having to file a paper form.

To discuss the filing changes and potential implications for your employee benefit plan, contact us.

The Critical Role of Audit Confirmations to Improve Effectiveness

Audit confirmations are information requests, typically distributed by email or through secure portals, in which accountants ask third parties to confirm information provided by the company being audited.

Audit confirmations are a powerful tool for auditors that provide independent evidence to substantiate various financial statement assertions.

To be considered credible, the confirmation process should be performed between the auditor and the third party verifying the requested information. Confirmations received directly by the auditor from the confirming parties are more reliable than evidence generated internally by the audited entity.

For example, bank statements provided by the company being audited are not considered credible evidence because the statements may have been created or edited by the company. When the auditor instead interacts directly with the bank to verify balances, the risk of a statement containing inaccurate or modified information is mitigated. As such, auditors perform bank confirmations to validate the information on the bank statements received from the company.

Audit confirmations can be categorized by their format:

  • Positive Confirmations – Recipients are asked to respond directly to the auditor, confirming whether they agree or disagree with the provided information. This format is considered more reliable as it requires explicit acknowledgment from the respondent.
  • Negative Confirmations – Recipients only need to respond if they disagree with the information presented. This format is less reliable because a non-response is assumed to indicate agreement.
  • Blank Confirmations – These do not specify amounts or details. Instead, recipients are asked to provide the requested information directly to the auditor.

What Types of Information Are Included in Audit Confirmations?

While specific inquiries can vary according to the company, industry, or specific risk factors, common confirmation requests center around:

  • Accounts payable
  • Accounts receivable
  • Cash and cash equivalents
  • Debt
  • Inventory
  • Pending legal action
  • Sales terms and agreements
  • Stock issuances

The Updated Confirmations Standard

In late 2023, the SEC and the PCAOB approved AS 2301, The Auditor’s Use of Confirmation, to replace guidance for audits of public companies. The new standard, which emphasizes auditors’ responsibility to use confirmations to obtain reliable audit evidence, makes a number of changes that include:

  • Adding a requirement to confirm cash (and equivalents) held by third parties, or accessing information maintained by an external source (such as an online account balance).
  • The elimination of negative confirmations for audits of public companies subject to PCAOB standards.
  • Emphasizing the auditor’s responsibility to control the confirmation process, including selecting information to be confirmed and receiving confirmation responses directly.

While these changes do not impact private company audits, it is important to consider these changes when evaluating the sufficiency of confirmations for an audit.

Alternate Confirmation Methods

If a third party does not provide the requested confirmation or does not agree with the information presented for confirmation, auditors can use alternative methods to verify information. These may include:

  • Inspecting documents. These may include invoices, shipping records, contracts, cash receipts, or other information.
  • Reviewing subsequent cash receipts for accounts receivable, such as inspecting documentation for product delivery or services performed, or voucher payments subsequent to year-end bank statements, to provide evidence for values being asserted.
  • Performing analytical procedures. These may include analyzing financial data to identify trends.
  • Conducting physical observation, such as inventory counts or watching processes.
  • Interviewing management and employees about transactions or account balances.
  • Expanding sample sizes for testing or performing additional testing procedures.

Common Confirmation Challenges

Several potential obstacles can hinder the effective use of confirmation requests in the audit process. For instance, many large enterprises, as a matter of policy, will not respond to requests related to their suppliers or other business partners.

In other instances, a company may have outdated contact information for the third party, so a confirmation request is never received. Another common challenge is a data entry error, such as transposing two digits, that causes a mismatch between specified amounts in two locations. In these situations, auditors will turn to the alternative methods described earlier.

If you have questions about the use of confirmations during the audit process, contact us.

What is Continuous Auditing? 

As auditing keeps pace with technological advancements and adjusts to evolving business standards and regulatory expectations, businesses are actively embracing the integration of continuous auditing into their day-to-day operations.  

Continuous auditing involves the use of automated audit evidence collection and review of an organization’s IT systems, transactions, processes, and controls on an ongoing basis. This review helps ensure policy and regulatory compliance by providing early warnings about potential control failures or other issues.  

Continuous auditing empowers businesses to monitor and analyze data sources and operational processes in real time, enabling prompt action to uphold the accuracy and integrity of financial information. By implementing continuous monitoring, businesses cultivate stakeholder trust and confidence by demonstrating a proactive approach and management commitment to accountability and transparency. 

The Benefits of Continuous Auditing 

Continuous auditing is a dynamic process designed to enhance the internal audit function and supplement interim and annual programs. Real-time risk identification and evaluation through ongoing monitoring enables the organization to address and mitigate potential issues promptly to minimize their impact on operations and financial performance. Other key benefits include:  

Ensuring Compliance & Avoiding Penalties 

Reduce the risk of penalties and other adverse consequences by sustaining ongoing adherence to regulations, internal policies, and industry standards. 

Safeguarding Financial Integrity 

Prevent potential financial losses or disruption by identifying and promptly investigating errors, anomalies, and irregularities in financial data and operational processes.  

Enhancing Fraud Monitoring 

Manage fraud risks and detect fraudulent activities by identifying suspicious patterns, deviations from norms, and unauthorized transactions. 

Optimizing Performance & Efficiency 

Reduce costs, enhance productivity, and improve operational efficiency by identifying areas of improvement and streamlining workflows.  

Strengthening Internal Controls 

Mitigate the risk of control failures by monitoring access controls, segregation of duties, and approval workflows. 

Expanding Audit Scope 

Expand audit coverage by analyzing a larger volume of data and providing a more comprehensive assessment of risks, controls, and compliance across the business. 

Sharpening Your Internal Audits 

Enable auditors to prioritize higher-risk areas, conduct deeper analysis, and deliver more incisive recommendations by enhancing the quality and efficacy of internal audits. 

Detecting Cyber Threats 

Provide real-time insights into cybersecurity threats and vulnerabilities by continuously monitoring networks, systems, and data. 

Continuous auditing enables businesses to make better-informed decisions, mitigate risks, and maintain transparency and efficiency in their operations through proactive risk management measures, enhanced compliance monitoring, and timely feedback.

The Challenges of Continuous Auditing 

Identifying and mitigating potential implementation challenges is important to building a successful continuous auditing program. Some common obstacles to instituting continuous auditing within a business include: 

  • Securing adequate technology resources and skilled personnel. 
  • Ensuring data quality, accuracy, and availability. 
  • Overcoming resistance to change. 
  • Compliance with regulatory requirements and standards. 
  • Balancing the costs of implementation with expected long-term benefits. 
  • Integrating with existing systems and processes. 
  • Addressing security and privacy concerns. 
  • Training and upskilling employees in data analytics and technology. 
  • Implementing scalable solutions for large businesses. 
  • Developing robust risk management processes to identify and respond to real-time anomalies. 

Despite the challenges, businesses can navigate the implementation of continuous auditing successfully by harnessing technology, innovation, commitment, and strategic planning. 

Leveraging Technology in Continuous Auditing 

Continuous auditing heavily relies on automation and technology for efficient collection, processing, and analysis of large datasets. Utilizing advanced data analytics tools, AI, machine learning algorithms, and robotic process automation (RPA) streamlines audit procedures to identify patterns, trends, and outliers for further investigation.  

Successful implementation of continuous auditing necessitates seamless integration with the organization’s business processes and systems. This includes establishing secure connections to pertinent data sources like ERP systems, databases, and transactional applications to ensure compliance with data privacy regulations. Additionally, factors such as scalability, compatibility, and ease of integration with existing systems should be considered carefully. 

Judgment remains essential in continuous auditing to interpret results, assess relevance, and make informed decisions based on the data analyzed by automated processes. While automation facilitates data processing and the identification of deviations, human judgment is crucial for contextual understanding, identifying false positives, and determining the significance of findings in relation to the organization’s goals and risk tolerance. 

Implementation of Continuous Auditing Initiatives 

Implementing continuous auditing initiatives represents a significant step forward for businesses seeking to optimize their audit processes, improve risk management practices, and increase operational efficiency. Successful implementation of continuous auditing requires careful planning, collaboration, and expertise.  

Leveraging the guidance and support of experienced consultants can be valuable in navigating the complexities of continuous auditing initiatives and ensuring their effective integration into the organization’s audit framework.  

To capitalize fully on the advantages of continuous auditing, businesses are encouraged to undertake the following:  

  • Conduct an in-depth evaluation of current business processes, the IT infrastructure, and the risk environment. 
  • Collaborate with stakeholders to design comprehensive plans for implementing continuous auditing initiatives aligned with strategic objectives. 
  • Develop audit procedures and controls. 
  • Define data sources, sampling methods, testing procedures, and exception criteria to guide the continuous auditing process effectively. 
  • Provide guidance on selecting and integrating technology solutions to streamline data collection, analysis, and monitoring processes. 
  • Offer guidance in establishing a governance framework and oversight procedures.
  • Deliver ongoing assistance in setting up monitoring mechanisms, assessing performance, and offering continuous support and guidance for improvement and optimization. 

Continuous auditing signifies a transformative change within the audit landscape. By leveraging technology, embracing a risk-based methodology, and aligning audit processes with organizational workflows, businesses can maximize the advantages of continuous auditing and facilitate continual growth and success. 

Contact us to explore how continuous auditing can help your business stay ahead and become more adaptable and robust in today’s business environment. 

11-K Filings Unveiled: Understanding This Essential Report

For public companies offering employee stock purchase plans or defined contribution plans with options to invest in the plan sponsor’s stock, Form 11-K is an essential compliance document designed to ensure transparency and accountability to employees and investors.  

The annual 11-K report, which provides a detailed account of the plan’s financial health and its policies, is required by the U.S. Securities and Exchange Commission (SEC) to maintain investor confidence in a company’s governance practices. Understanding what Form 11-K entails, stakeholder expectations for the form, and how to file the report can help companies stay compliant and avoid potential compliance risks.

What Is Form 11-K?

Form 11-K must be filed annually by companies that offer employee stock purchase, savings, or similar plans in which employees have the option to invest in company stock. The filing is generally due within 90 days after the end of a given plan’s fiscal year.

Public companies, as well as certain private entities with registered employee stock plans, are required to submit Form 11-K if they are subject to SEC regulations. The content of Form 11-K covers several key areas:

  • Audited financial statements for the past two fiscal years of the plan, a statement of net assets available for benefits, a statement of changes in net assets, and accompanying notes.
  • Audited supplemental information, including a schedule of assets and any other applicable schedules for the period under audit.
  • Information about plan participants, such as the number of participants and their investment activities.

Other important details include a description of the plan’s purpose, structure, and any significant changes made during the reporting period, as well as disclosures such as administrative fees or conflicts of interest that could affect the plan.

Financial statements must be prepared in accordance with SEC requirements (Regulation S-X) or ERISA requirements.

The Filing Process

Meeting the filing requirements involves understanding the process, including the deadlines, electronic filing mandates, and the SEC’s review procedures. Form 11-K must be filed within 90 days after the plan’s fiscal year-end or, if the plan is subject to ERISA, within 180 days of the plan’s fiscal year-end. Companies can request an extension if necessary.

The form must be submitted electronically via the SEC’s EDGAR system. Once filed, the SEC reviews the document for completeness and compliance, and may ask for additional information or corrections if needed.

The Role of Auditors in 11-K Filings

Auditors play a crucial role in the Form 11-K process. They are responsible for auditing the plan’s financial statements to ensure accuracy and compliance with applicable standards. Generally, a financial statement audit is required to evaluate the plan’s net assets and overall financial health, and to obtain reasonable assurance the plan is being managed according to its stated terms.

The auditor’s report, which accompanies Form 11-K, provides an opinion on whether the financial statements are presented fairly in all material respects. A clean auditor’s opinion indicates sound management practices, helping to maintain investor trust.

To stay compliant, companies should focus on several best practices:

  • Keeping records accurate and current, reconciling discrepancies promptly, and engaging with auditors early can help ensure a smooth filing process.
  • Robust internal controls are essential for preventing errors and ensuring all financial information is accurate.
  • Regular internal audits and reviews can catch discrepancies early, reducing the risk of penalties or fines from the SEC for non-compliance.

Understanding and filing Form 11-K correctly is crucial for any company with employee stock purchase plans. By meeting stakeholder and regulatory expectations, companies can maintain compliance, protect their reputation, and continue to foster trust among employees and investors.

To learn more about Form 11-K filing and the audit process, contact us.

Choosing the Right Auditors for 11-K Readiness

Preparing an 11-K report is a critical step for companies with certain types of employee benefit plans, serving as a vital tool to ensure compliance with Securities and Exchange Commission (SEC) requirements. These reports, filed annually, detail the financial condition of employee benefit plans in which employees can invest their contributions in employer securities, such as 401(k) plans with a company stock investment option.

Auditors play an essential role in this process by providing expertise to ensure filings are accurate and compliant, which in turn minimizes the risk of penalties or reputational damage.

For compliance professionals contemplating a change in auditors, choosing the right partner is invaluable in helping them navigate the complexities of 11-K filings and achieving 11-K readiness.

The Key Requirements for 11-K Auditors

11-K filings come with unique challenges, and understanding the specific requirements is important. Auditors are responsible for examining the financial statements of employee benefit plans and attesting to their fairness and compliance with accounting standards. Their work must be independent, objective, and thorough.

Key Aspects of Successful Audits

Independence and Objectivity 

Independence is a cornerstone of a reliable audit. Auditors must remain free from conflicts of interest and committed to unbiased assessments.

Expertise in ERISA and Employee Benefit Plan Audits 

Auditors need specialized knowledge of the Employee Retirement Income Security Act (ERISA) and employee benefit plan audits to understand key aspects such as fiduciary responsibilities and the associated reporting requirements.

Familiarity With SEC Filing Requirements 

Given the intricate nature of SEC regulations, auditors must be deeply familiar with the SEC’s filing requirements for 11-K reports.

Common Challenges and Mitigation

11-K audits can present several challenges, including evolving regulations, complex plan structures, and data management issues. The right auditor can help mitigate these challenges by staying up to date on regulatory changes, maintaining a deep understanding of industry practices, and employing robust data analytics tools to ensure accuracy.

When to Consider an Auditor Change

Not all auditors are the right fit for your company, especially when it comes to the unique demands of 11-K filings. Knowing when to consider a change can save time, money, and stress.

For instance, selecting an auditor who matches your company’s risk profile and growth strategy is important. An auditor with a deep understanding of your industry and business model will be better positioned to provide accurate insights and recommendations that support your long-term goals.

Conversely, an auditor who lacks industry-specific experience or fails to stay updated on evolving regulations can put your company at risk. Communication issues, such as delayed responses or a lack of transparency, are another red flag.

Criteria for Selecting the Right Auditor for 11-K Readiness

When considering a new auditor, it is essential to evaluate several factors to ensure they meet your company’s needs. The following criteria can help you evaluate potential partners:

Industry Specialization and Track Record 

Look for auditors specializing in employee benefit plans with a proven track record with 11-K filings. Their experience can offer peace of mind, knowing they have successfully navigated similar challenges before.

Comprehensive Understanding of 11-K Requirements and SEC Regulations 

Your auditor should demonstrate a strong understanding of 11-K requirements and SEC regulations, ensuring that your filings comply with all applicable standards.

Reputation for Integrity and Independence 

Choose an auditor known for their integrity and independence. This reputation is built through consistent adherence to ethical standards and a commitment to objective assessments. Look for membership in the AICPA’s Employee Benefit Plan Audit Quality Center.

Accessibility and Client Service 

Accessibility and responsiveness are key. An auditor who is available when needed and provides timely feedback can make the 11-K filing process smoother and more efficient.

Use of Technology and Innovative Tools 

The right auditor will leverage technology to enhance audit efficiency and accuracy. Look for firms that use advanced data analytics, digital audit tools, and other innovations to streamline the process.

Ask Questions During the Evaluation Process

When selecting a new auditor, ask questions that help determine their alignment with your needs. Inquire about their experience with similar clients, their approach to staying current with regulations, and how they manage client communication and expectations.

Building a Collaborative Relationship with Your Auditors and Advisors

A productive working relationship with your auditors and advisors is key to successful 11-K readiness. Regular communication and clear expectations, for instance, are essential. Involve your auditors in planning discussions and leverage their expertise for training and internal process improvement. Building a collaborative relationship fosters trust while improving the efficiency of the 11-K filing process.

By understanding your auditor’s responsibilities, evaluating your current partnerships, and selecting the right team for your needs, you can ensure a smooth path to 11-K readiness.

To learn more about effective 11-K filings, contact us.

Boosting SOX Audit Frequency for Better Results

Increasing the frequency of SOX audits is a strategic move that helps companies enhance the robustness of their internal controls, improve financial reporting accuracy, and ensure ongoing compliance with regulatory requirements.

Companies typically conduct interim and year-end SOX testing as part of their audit plan, but relying solely on interim and year-end SOX testing may result in limited visibility, delayed issue identification, increased risk exposure, complacency, inadequate response to change, and regulatory scrutiny. 

To mitigate these diverse risks, organizations should complement periodic testing with continuous monitoring and auditing practices to ensure ongoing compliance, enhance control effectiveness, and address emerging risks and issues promptly.

Rationale for Boosting SOX Audit Frequency

Increasing the frequency of SOX audits can provide several benefits:

Enhanced Risk Management

Frequent audits allow for the early detection of compliance issues and internal control weaknesses. By identifying problems as they arise, companies can implement corrective actions promptly and reduce the risk of financial misstatements and regulatory penalties.

Operational Efficiency

Increased audit frequency can streamline operations by embedding compliance into daily business processes. This integration fosters a culture of continuous improvement, where compliance becomes a routine part of the organizational workflow rather than a periodic checkpoint.

Executing Elevated SOX Audit Frequency

To fully realize the benefits of more frequent SOX audits, organizations must implement a structured approach that incorporates technology, risk assessment, collaboration, and continuous education.

Here are some essential strategies for increasing the frequency of SOX audits effectively:

Leverage Technology

Utilize automation and advanced data analytics to facilitate continuous auditing. These tools can monitor transactions and controls in real-time, providing immediate insights and reducing the burden of manual audit tasks.

Develop a Risk-Based Approach

Focus on high-risk areas that have the greatest potential impact on financial reporting. By prioritizing these areas, companies can allocate resources more effectively and ensure critical risks are identified and addressed promptly.

Enhance Collaboration

Foster collaboration between internal audit, compliance, and financial reporting teams. Regular communication and information sharing can help identify and address issues more efficiently, ensuring that all stakeholders are aligned on the organization’s compliance objectives.

Continuous Training and Education

Invest in ongoing training for audit and compliance personnel. Keeping staff updated on the latest regulatory changes, auditing techniques, and technological advancements is essential for maintaining an effective continuous auditing program.

Strengthening Your SOX Compliance Program

Increasing the frequency of SOX auditing offers numerous benefits, from timely issue detection to enhanced operational efficiency. By adopting a more frequent audit schedule, leveraging technology, and focusing on high-risk areas, organizations can strengthen their compliance posture and build a robust framework for financial integrity.

As the business environment continues to evolve, embracing continuous and frequent SOX auditing will be key to staying ahead of the curve and ensuring long-term success. Contact us to explore ways to enhance your internal control program and reduce year-end SOX audit pressures.

Audit Readiness Checklist – Technology Company (First Year Under Audit)

Your tech company’s first audit is a critical milestone, and careful preparation is key to ensuring it goes smoothly. 

Our Audit Readiness Checklist will guide you through the essential steps to getting your financials and supporting documents in order—not just to meet your financial reporting and compliance requirements, but also to support requests from investors, lenders, or potential business partners.  

We outline the documents and financial data you’ll need, preview the process, and highlight the importance of developing an audit timeline. By organizing this information and streamlining the process, you’ll make your company’s first audit less stressful and more efficient. 

The Importance of Business Continuity for Small to Medium Businesses

Disruptions are inevitable in business and their effects can be quite significant for small to medium businesses (SMBs). By taking the initiative and embracing business continuity planning, SMBs can mitigate risk, navigate uncertainty, and emerge from adverse situations stronger and more resilient.

Larger corporations typically have dedicated resources for risk management, while SMBs do not possess the same level of preparedness. But SMBs are equally vulnerable to disruptions, whether from natural disaster, cyber-attack, power outage, equipment failure, human error, or supply chain disruption that affects critical business operations.

Investing in business continuity is valuable not only in mitigating risks and addressing emerging threats, but also in safeguarding the long-term sustainability of the business and maintaining trust and confidence among customers, investors, and other stakeholders.

Customers and suppliers increasingly want to collaborate with organizations that demonstrate their commitment to reliability, risk management, and responsiveness through an effective business continuity plan (BCP). Customers depend on SMBs to deliver products or services consistently and dependably, while suppliers depend on their customers to maintain stable demand for their offerings.

Challenges in Implementing Business Continuity Plans for SMBs

Internal challenges can pose significant barriers to the successful implementation of business continuity strategies for SMBs. For companies with simple organizational structures and fewer personnel, it can be challenging to identify critical processes, assess risks, and develop mitigation strategies. These obstacles may include:

  • Limited resources to develop a comprehensive BCP, execute the plan, and conduct regular reviews, testing, and maintenance.
  • Absence of skilled personnel proficient in executing effective continuity strategies.
  • Lack of sufficient management support and engagement.
  • Constrained IT infrastructure to support remote work, data backup, and recovery processes.
  • Compliance and regulatory requirements to meet business continuity standards, especially in highly regulated industries.
  • Siloed operations that result in a lack of collaboration between departments and functions that operate independently.
  • Cultural barriers and resistance to change.
  • Limited awareness and education on the importance of having a BCP in place for organizational success.

Key Elements of an Effective Business Continuity Plan

Business continuity planning involves developing and implementing a comprehensive set of organizational policies and procedures to prevent and recover quickly from crises. Establishing a dedicated Business Continuity Planning Team entrusted with the responsibility to design, implement, and maintain a robust BCP is imperative for an organization’s ongoing success.

Developing an effective BCP requires a thorough understanding of the organization’s operations and dependencies, and the recognition of potential vulnerabilities. In most cases, SMBs choose to draw on the expertise of consultants who specialize in the complex planning involved with BCPs. Consultants partner with the organization and serve as key advisors, offering guidance on effective BCP strategies and implementation.

Key components integral to business continuity planning that consultants often tailor to the needs of specific companies include:

  • Risk assessment and Business Impact Analysis (BIA).
  • Communication plan.
  • IT disaster recovery plan.
  • Alternative work arrangements.
  • Supply chain management.
  • Emergency response procedures.
  • Training and awareness initiatives.
  • Periodic reviews and updates.
  • Financial preparedness measures.

Planning for these actions before a disruption resulting from a disaster or other unplanned event is critical to help mitigate risk and ensure the availability of potentially scarce resources when they’re needed most in the immediate aftermath of a crisis.

Contact us for innovative solutions and actionable strategies to help prepare your business for the unexpected.

6 Strategies for Optimizing SOX Compliance

As publicly traded companies work to optimize their Sarbanes-Oxley (SOX) compliance, increasing the efficiency and effectiveness of those efforts requires management to better understand organizational risks, align management and the audit committee, train process owners, increase automation, and centralize the monitoring of risk exposures and control performance.

Conduct a Risk Assessment

The optimization process starts with an effective risk assessment that helps the company understand its exposures and map the various controls that help it mitigate those risks. The types and number of needed controls will depend on a specific company and its risks.

It’s also important to avoid imposing more controls than the company needs to mitigate risks effectively because each control bears costs for design, documentation, testing, evaluation, and reporting. Understanding the company’s risks, and ensuring you have the correct number of controls, is key to effectiveness and efficiency. This can be further enhanced through a control rationalization, with a deeper review of key risks and the alignment of mitigating control activities.

Management and the Audit Committee

Management and the audit committee play important roles in SOX compliance by setting the appropriate “tone at the top”: actively asking about and understanding the company’s key risks, and allocating resources to the implementation and evaluation of the appropriate controls. By demonstrating that they believe in and understand risk management and compliance, they set a tone that the rest of the company will generally follow.

Maximize External Auditor Reliance

A valuable way to increase efficiency and potentially reduce the cost of a SOX review is making it as easy as possible for external auditors to rely on the company’s testing and documentation. Under SOX, external auditors are required to sign off on the company’s internal controls, give an opinion about the effectiveness of those controls, and identify any deficiencies.

To make these determinations, the auditors will either rely on the company’s control testing and documentation, or will have to perform that testing themselves. While a company won’t be able to reach a point where the auditors rely exclusively on the company’s testing, expanding the percentage of company-tested controls increases efficiency. It does this by reducing the volume (and cost) of auditor testing, and by avoiding controls being tested twice, once by the company and again by the auditors.

Increase Process Owner Training

Another important step in optimizing SOX compliance is providing training for financial reporting process owners—the managers with oversight responsibilities for specific processes. In addition to setting the tone at the top with messaging from a SOX sponsor (e.g., the CFO), managers need to understand the nature of transactional flows and data involved with significant processes—and be enabled to identify gaps in the performance or documentation of those steps. They should also understand the risks that could affect material accounts.

As part of this training, process owners need to understand the value of testing and documentation outside of preparing for an audit. These steps need to be part of ongoing, year-round risk management activities.

Expand Automation

While the role of automation in financial reporting is early and evolving in many organizations, streamlining the financial processes that underlie the controls being evaluated will pay dividends in SOX compliance. A large portion of the SOX effort and control performance consists of steps that are repeated through the fiscal year and across fiscal years. Where tasks are repeated and involve systems or applications, there are opportunities to automate.

For instance, the vast majority of the information needed for SOX compliance is produced during the accounting period close. Critical activities that occur during closes include journal entries, analyses, reconciliations, approvals, and more—all of which need to be documented and are subject to auditor review.

Tools such as BlackLine increase process accuracy and SOX compliance by importing data from feeds and matching transactions to reconcile accounts automatically, posting journal entries, and coordinating task completion and approval using real-time dashboards. This reduces reliance on manual tools and the risk of data existing in disparate spreadsheets.

To the extent various activities can be automated, the company and its auditor benefit. Manual processes, documentation, and testing are more expensive and typically have higher rates of deficiencies. Where companies have more automation, auditors see fewer deficiencies and smoother, more efficient testing that is conducted with less work and a lower resulting cost.

Create a Project Management Office

Companies can increase the efficiency and effectiveness of their SOX compliance efforts by creating a project management office to coordinate their compliance efforts. Depending on the size and scope of the company, that oversight could come from one person, a team, or someone using a combination of internal and outsourced resources.

Regardless of how the role is structured, it’s important for the person or team filling it to have an appropriate level of knowledge and experience to coordinate the company’s SOX compliance efforts year-round, to ensure controls are performing as designed and that emerging issues are addressed as quickly as possible.

If your company needs assistance with implementing effective SOX internal controls, reach out to our team of audit professionals who can support you throughout the process.

Effective 2024 Planning for a 401(k) Plan Sponsor

As 401(k) plan sponsors plan for 2024 and subsequent years, they can take advantage of several improvements to the 2022 SECURE Act (known collectively as SECURE 2.0). These changes simplify plan administration while making retirement plans more accessible and attractive to employees.

Some of the key provisions affecting plan sponsors include:

  • Greater flexibility to increase plan benefits.
  • A delay in some provisions affecting “catch-up” contributions for high-income workers.
  • A safe harbor for correcting auto-enrollment errors.
  • Expanding eligibility for some part-time workers.
  • Making employee withdrawals easier.

Plan managers need to understand the SECURE 2.0 changes to 401(k) administration to ensure compliance with the changed regulations and their ability to meet their existing responsibilities.

Flexibility for Discretionary Benefit Increases

SECURE 2.0 allows plan sponsors to make discretionary amendments to increase participant benefits for a previous plan year. Effective Dec. 31, 2023, changes will be permitted after the end of a plan year, provided the amendments are adopted by the due date of the sponsor’s next federal tax return. This changes the current requirement that plan amendments be adopted by the end of a plan year in which the amendment is effective.

Catch-Up Contributions for High-Earning Workers Aged 50+

In late August, the IRS announced a two-year delay in implementing SECURE 2.0 regulations that would have required employees older than 50 and earning more than $145,000 annually to make “catch-up” contributions only via Roth IRA post-tax accounts.

These provisions were delayed until 2026 after feedback from employers and retirement program managers. The employers and managers said they would not be able to implement the provision in time, given the administrative complexities of setting up systems to ensure highly compensated employees would only be making Roth catch-up contributions.

Higher Catch-Up Limit to Apply at Age 60, 61, 62, and 63

Under current law, employees who have attained age 50 are permitted to make catch-up contributions in excess of the otherwise applicable limits. Section 109 increases limits to the greater of $10,000 or 50% more than the regular catch-up amount in 2025 for individuals who have attained ages 60, 61, 62 and 63. The increased amounts are indexed for inflation after 2025.

Increased Age for Required Minimum Distributions

Under current law, participants are generally required to begin taking distributions from their retirement plans at age 72. SECURE 2.0 increased the required minimum distribution (RMD) age for participants to 73 starting on Jan. 1, 2023, and increases the age further to 75 starting on Jan. 1, 2033. IRS Notice 2023-54 provides interim transition relief for plan administrators, payors, participants, IRA owners, and beneficiaries in connection with the change in the required beginning date for RMDs.

Safe Harbor for 401(k) Enrollment Errors

Section 350 provides a grace period of 9-1/2 months after a plan year ends for sponsors to correct, without penalty, errors associated with the automatic enrollment of employees into a plan. The grace period also applies to errors related to the automatic escalation of contribution amounts or contribution matches for current plan participants.

Section 350 is effective for errors after Dec. 31, 2023, and should provide peace of mind for HR professionals who may have been worried about potential penalties under the current regulations.

Long Term, Part-Time Eligibility Expands

Starting Jan. 1, 2024, plans will be required to allow employees who have worked more than 500 hours in three consecutive 12-month periods to contribute elective deferrals to the plan.

Employers are not required to make matching contributions on behalf of these employees, but may choose to do so.

This change means employers will have to track employee hire dates and hours worked dating back to Jan. 1, 2021, to determine the eligibility of specific employees. Employers need to consider the implications this broader eligibility may have for plan administration. It may be easier, for instance, to allow all employees to contribute rather than tracking hours to determine eligibility.

Starting in 2025, the three-year threshold for part-time eligibility will decrease to two consecutive 12-month periods.

Easier Employee Withdrawals

New SECURE 2.0 provisions allow workers to withdraw up to $1,000 from their savings penalty-free to meet personal or family emergencies. Only one withdrawal is allowed per year and employees have the option to repay the withdrawal over three years, but are not required to.

Similarly, an employee affected by domestic violence can withdraw the lesser of $10,000 or 50% of their account balance, without incurring a tax penalty. This provision also includes a three-year repayment period.

Participants affected by natural disasters can withdraw up to $22,000 penalty-free. The amount taken must be repaid within three years, or the participant can pay taxes on a non-repaid distribution over three years.

For plan administrators, the penalty-free feature of these provisions reduces the need to calculate and assess the 10% additional tax typically associated with early withdrawals.

Expanding Automatic Enrollment in Retirement Plans

Section 101 requires 401(k) plans to automatically enroll participants when they become eligible (the employees may opt out of participation). All current 401(k) plans are grandfathered. The initial automatic enrollment amount is at least 3% but not more than 10%, and will increase each year by 1% until it reaches at least 10%, but not more than 15%. Section 101 is effective for plan years beginning after Dec. 31, 2024.

Pension-Linked Emergency Savings Accounts

SECURE 2.0 also authorizes, for plan years that began January 1, 2024, the creation of pension-linked emergency savings accounts (PLESAs) by non-highly compensated employees. The U.S. Department of Labor (DOL) defines PLESAs as “short-term savings accounts established and maintained within a defined contribution plan.”

Employers can offer to enroll eligible participants in these accounts beginning in 2024 or can automatically enroll participants.

Some key provisions:

  • Contributions will be made on a Roth basis (included in an employee’s taxable income but participants won’t have to pay tax when they withdraw). Those contributions must be held as cash, in an interest-bearing deposit account, or an investment product.
  • The portion of the account balance attributable to participant contributions can’t exceed $2,500 (or a lower amount determined by the plan sponsor) in 2024. This figure will be adjusted for inflation in future years.
  • PLESA participants don’t need to prove they’ve experienced an emergency before withdrawing from an account. The IRS has released PLESA guidance in Notice 2024-22, and the DOL has published frequently asked questions.

Treatment of Student Loan Payments as Elective Deferrals for Matching Contributions

Section 110 permits an employer to make matching contributions under a 401(k) plan with respect to “qualified student loan payments.” For purposes of the nondiscrimination test applicable to elective contributions, Section 110 permits a plan to test separately the employees who receive matching contributions on student loan repayments.

To understand potential 401(k) plan audit implications going forward, contact us.

Optimizing SOX Compliance: Best Practices for Success

It’s been 21 years since the passing of the Sarbanes-Oxley (SOX) Act, one of the most impactful sets of federal legislation shouldered by publicly traded companies. The act was developed in response to several corporate financial scandals and losses in investor confidence, and management teams have since been mandated to provide assurances around the reliability and accuracy of financial reporting. However, through time, processes, systems, and risk profiles have changed.

SOX program implementation assures that controls are properly designed and effective. As industries, technologies, and financial risks evolve, the added challenge is to ensure internal controls are both effective and efficient. Do you have the right controls in place today? Are your controls serving the company well while satisfying compliance requirements?

In this webinar, we explore the strategies, tools, and techniques that can help you optimize your compliance efforts, manage risk more effectively, and successfully navigate the complexities of SOX compliance.

 

Real-Time Financial Flash Reports

Timely financial reporting is key to making informed business decisions. Managers must know what’s in the pipeline to respond promptly and decisively. Unfortunately, preparing financial statements under U.S. Generally Accepted Accounting Principles (GAAP) typically takes several weeks. And many companies only produce GAAP financials at the end of the quarter or year. In the meantime, managers may turn their attention to simple “flash” reports.

What Is a Flash Report?

There are no standards to follow when preparing financial flash reports. But they typically take less than an hour to prepare and rarely exceed one sheet of paper. The goal is to provide management with a weekly snapshot of key financial figures, such as cash balances, accounts receivable aging, collections, and payroll. Some metrics might even be tracked daily — including sales, shipments, and deposits. This is especially critical during seasonal peaks or when a company has recently restructured.

Customization is key

Each company’s flash reports contain different information. For instance, billable hours might be more relevant to a law firm, and machine utilization rates more relevant to a manufacturer.

Flash reports hone in on what items matter most and how to draw management’s attention. Consider a restaurant, for example. Weekly revenues might be broken down by day of the week or between alcohol and food sales. Restaurateurs also keep close tabs on labor, food, and liquor costs, as well as gross margins.

Flash Reporting Downside

Comparative flash reports identify trends and exceptions that may need corrective action. For example, you might compare the current numbers to the previous week, the same week in the previous year, or budgeted amounts.

When a company is starting up, aggressively expanding, or struggling, lenders and investors may request copies of flash reports — especially if management has previously failed to meet projections for growth and profitability. But sharing this information can be perilous if stakeholders don’t understand that flash reports are designed for internal purposes only.

Flash reports provide a rough performance measure and are seldom 100% accurate. Adjustments are often made when preparing GAAP financials. In addition, it’s normal for cash to ebb and flow throughout the month, depending on billing cycles.

Be Proactive, Not Reactive

Managers who rely on stale financial information may be blindsided by unexpected threats and miss out on time-sensitive opportunities. If you understand their limitations, financial flash reports can help bridge the timing gap between daily operations and receipt of GAAP statements. Contact us to help design a flash reporting format that meets your business’s current needs.

© 2023

Navigating SOX Compliance – Implementation and Challenges

As a company goes public and falls under SOX mandates, the regulatory requirements may seem complex and overwhelming. Join our upcoming webinar to gain a better understanding and learn the key details of Sarbanes-Oxley Act (SOX) implementation, including what your organization can expect and your potential challenges.

Topics we’ll cover:

  • High-level requirements for SOX compliance
  • Common client challenges
  • Strategies for making the process easier

Preparing for an R&D Tax Credit Audit

The Research and Development tax credit is a great way for companies to reduce their tax liability and generate savings that can be reinvested in the business. Companies that claim the R&D tax credit must be prepared for a potential audit. Not being ready for an R&D tax credit audit could result in a reduction or complete loss of the credit, plus penalties and interest.

9 Tips for R&D Credit Audits

Audits are common for certain tax credits, and the R&D credit is usually on the IRS’s “Dirty Dozen” list. Here are some tips to keep in mind if the IRS or state tax officials select your claim for an audit:

Have a Collaborative Attitude

Don’t enter your audit on the defensive or assume this will be an adversarial interaction. You should go in with a positive and collaborative attitude. The goal is to work with the auditor to demonstrate your claim’s validity.

The R&D tax credit was designed to support companies investing in their businesses. It helps to remember that auditors are doing their job to ensure the credit goes to the right companies.

Be Honest and Transparent

You should provide accurate and complete information and be prepared to answer the auditor’s questions. Keep in mind that the IRS is looking for substance over form, so companies should ensure their R&D activities are well-documented and substantive.

Follow the Rules

You should ensure you are following the R&D tax credit regulations. This includes ensuring all claimed R&D activities meet the appropriate criteria and that you are recording your R&D expenses properly.

Maintain Proper Documentation

It is crucial to keep proper R&D documentation of all activities and expenses. This should include project descriptions, project timelines, employee time records, and invoices. The documentation should be well-organized, easily accessible, and up-to-date.

Fix Simple Mistakes

Using the wrong percentage for the alternative simplified method or improper use of the fixed base percentage are common mistakes. Similarly, completing the federal or state forms incorrectly is a red flag.

The Fixed Base Percentage Should Not Change Yearly

Adjustments to the base period methodology are not unusual as new guidance is released by the IRS or following tax court decisions, but yearly changes are another red flag for auditors. The fixed base percentage under start-up rules is intended to stabilize 11 years after a company’s start of qualified expenditures and revenue. Established companies, barring acquisitions or dispositions, will have a stable percentage starting by the 11th year of eligibility.

Use Engineers and Conduct Interviews

Whoever compiles your credit should use engineers to evaluate and test the credit claim against the requirements, just as the IRS will do during an audit. In-depth interviews with key personnel help the team evaluate activities, making sure only eligible projects are included.

Avoid Blanket Qualified Activity Percentages

Time-tracking data is the preferred way to determine personnel percentage, but often this isn’t available. It can be tempting to apply a blanket percentage to employees or departments. Individually evaluating personnel is the only viable method. Interviews can help support this detailed approach.

General Ledger Accounts

Even if you’ve done an excellent job of segregating costs, entire GL accounts are rarely fully qualified. In many cases, items may be appropriately allocated to a certain cost center, although not all of the items are actually eligible for the R&D credit.

We’re Here for You

R&D credit audits are not uncommon. To be better prepared, you should keep proper documentation, perform a thorough study, be honest and transparent, and work with qualified professionals.

By following these recommendations, you can help ensure that you are properly claiming the credit and reduce the risk of an IRS or state audit reducing or denying the credit amount. Contact us today to learn more about how we can help your company be better prepared for an R&D tax credit audit.

Data Visualization in Accounting and Auditing

Data visualization in accounting and auditing has become increasingly important in recent years. Graphs, performance dashboards, and other visual aids can help managers, investors, and lenders digest complex financial information. Likewise, auditors use visual aids during a financial statement audit to quickly identify trends and anomalies that warrant attention.

Powerful Tool

Your auditor uses many tools and techniques to validate the accuracy and integrity of your company’s financial records. Data visualization — using a picture to show a relationship between two accounts or how a metric has changed over time — can help improve the efficiency and effectiveness of your audit.

Microsoft Excel and other dedicated data visualization software solutions can generate various graphs and charts that facilitate audit planning. These tools can also help managers and executives understand the nature of the auditor’s testing and inquiry procedures — and provide insight into potential threats and opportunities.

Four Examples of How Auditors Might Use Visualization

Employee Activity in the Accounting Department

Line graphs and pie charts can help auditors analyze the number, timing, and value of journal entries completed by each employee in your accounting department. Such analysis may uncover an unfair allocation of work in the department — or employee involvement in adjusting entries outside their assigned responsibility area. Managers can then use these tools to reassign work in the accounting department, pursue a fraud investigation or improve internal controls.

Activity in Accounts Prone to Fraud and Abuse

Auditors closely monitor certain high-risk accounts for fraud and errors. For example, data visualization can spotlight the timing and magnitude of refunds and discounts, highlight employees involved in each transaction, and potentially uncover anomalies for additional scrutiny.

Journal Entries Before the End of the Accounting Period

Auditors analyze and confirm the timing and magnitude of your journal entries leading up to a month-end or year-end close. Timeline charts and other data visualization tools can help auditors understand trends in your company’s activity during a month, quarter, or year.

Forecast vs. Actual

Line graphs and bar charts can show how your company’s actual performance compares to budgets and forecasts. This can help confirm that you’re on track to meet your goals for the period. Conversely, these tools can also uncover significant deviations that require further analysis to determine whether the cause is internal (for instance, fraud or inefficiency) or external (for instance, cost increases or deteriorating market conditions). In some cases, management will need to revise budgets based on the findings of this analysis — and potentially take corrective measures.

Show and Tell

Data visualization allows your data to talk. Auditors use these tools to understand your operations better and guide their risk assessment, inquiries, and testing procedures. They also use visual aids to explain complex matters and highlight trends and anomalies to management during the audit process. Some graphs and charts can be added to financial statement disclosures to communicate more effectively with stakeholders. Contact us for more information about using data visualization in accounting and auditing.
