11
The DOL's Office of Chief Accountant (OCA) has the responsibility for enforcing ERISA's reporting and
disclosure requirements. This includes ensuring that the Form 5500 filings are filed timely and correctly
and determining whether plan audits are performed in accordance with professional and regulatory
standards. In situations in which the name(s) of the certifying institution(s) is not included in the financial
statements or auditor’s report, the OCA will contact the plan administrator, requesting such information be
provided (i.e., a copy of the certification from the financial institution). If the plan administrator does not
provide the information in a timely manner, the OCA may initiate a formal enforcement process by
sending a Notice of Rejection (NOR) to the plan administrator. Upon receipt of a NOR, the plan
administrator has 45 days to make any necessary corrections to the Form 5500 filing (including providing
any requested information). If correction is achieved during the 45-day period of the NOR, the
enforcement case will be closed with no imposition of monetary civil penalty against the plan
administrator. However, If correction is not achieved within this period, the DOL may assess monetary
civil penalties from the day after the filing's original due date. If the filing is rejected for a reason other than
the missing disclosure related to the certifying institution but it is later discovered that the name of the
certifying institution is not disclosed, the plan administrator will not receive an additional 45 days to
correct the deficiency; DOL may assess penalties without providing additional notice.
ERISA section 103(a)(3)(C) audit for a plan that does not require an audit
The Department of Labor's (DOL) recent changes to Form 5500 redefined large plans by the number of
participants with account balances on the first day of the plan year. Per Form 5500, a plan with at least
100 participants with active accounts is considered a large plan and an audit is required. This provision
applies to defined contribution plans and is effective for plan years that begin on or after January 1, 2023.
Previously large plans with at least 100 eligible participants required an audit. The DOL estimates that
nearly 20,000 plans previously considered large plans will no longer be subject to the annual audit
requirement due to this change.
This change has led to situations in which plan sponsors have a plan that no longer requires an audit but
would like to have the plan audited as part of fulfilling its own fiduciary duties or for other reasons (e.g.,
the plan has an auto-enrollment feature and the plan sponsor believes the plan will soon require an
audit). Auditors have inquired as to whether an ERISA Section 103(a)(3)(C) audit can be performed if the
plan does not have an audit requirement.
In most cases, there does not appear to be anything in the professional standards, laws, or regulations
that would preclude an auditor from accepting such an engagement. An auditor may accept an ERISA
Section 103(a)(3)(C) audit engagement when no requirement for such audit exists, provided there is no
management-imposed scope limitation on the engagement, except as permitted by the DOL's Field
Assistance Bulletin No. 2009-02, Annual Reporting Requirements for 403(b) Plans.
Under the professional standards, an auditor is precluded from accepting an audit engagement if
management imposes a limitation on the scope of the auditor’s work, such that the auditor believes the
limitation will result in the auditor disclaiming an opinion on the financial statements, and the entity is not
required by law or regulation to have an audit.
AU-C section 210, Terms of an Engagement, paragraph .07 states:
If management or those charged with governance of an entity that it is not required by law or regulation to
have an audit impose a limitation on the scope of the auditor’s work in the terms of a proposed audit
engagement, such that the auditor believes the limitation will result in the auditor disclaiming an opinion
on the financial statements as a whole, the auditor should not accept such a limited engagement as an
audit engagement.
As explained in paragraph .A141-.A142 of AU-C section 703, an ERISA Section 103(a)(3)(C) audit is
unique to employee benefit plans and is not considered a scope limitation under AU-C section 705. As
such, an ERISA Section 103(a)(3)(C) audit may be performed, unless there is another reason the auditor
may know in advance in which management imposes a limitation on the scope of the auditor’s work that