A retirement plan audit tends to be pretty low on the "fun" scale for most plan sponsors. However, plan audits are both required for larger companies and play an important role in the successful management of a retirement plan. Today Brad Bartells, Partner and Plan Auditor at MUN CPAs, will be joining the show to share his expertise on how plan sponsors can prepare for their plan audit and what advisors can do to assist them.
Listen in as Brad breaks down what plan sponsors should look for in a plan auditor, how auditors can provide additional value to client relationships, a recently released new audit standard, cybersecurity issues, and DOL areas of focus for 2021.
“You need to know if your service providers are having issues that could jeopardize the assets and the data of your planned participants.” - Brad Bartells
“We’re trying to help plan sponsors make their plans the solidest and the best they can be.” - Brad Bartells
“Don’t click on those strange links and emails.” - Brad Bartells
Josh Itzoe: Brad Bartells, welcome to the Fiduciary U™ Podcast. Thanks so much for agreeing to be a guest. I'm excited about today's conversation.
Brad Bartells: Thanks for having me, Josh. Yeah, this would be a good time. Thanks for having me.
Josh Itzoe: You're welcome. You're with MUN CPAs, a plan auditor, and I actually came across you from, I found kind of in the Retireholi(k)s community and JD Carlson and crew over there. And then we connected on LinkedIn. And one of the things I was incredibly impressed by is that you put out really, really good thoughtful content on LinkedIn to guide and advise plan sponsors, and also advisors. I think you add a lot to the discussion in the retirement plan community from a thought leadership standpoint.
And I can just say, you don't see many folks from the auditor space who are actually really being forward thinking about content from that perspective, at least not that I have seen. And that was something that really made you stand apart, and then we obviously connected and chatted a few times, and was just really impressed by your overall approach, and some of the topics that you tackle. So, I'm really looking forward to getting into that today. I think we have a number of good things to talk about, and I think listeners will hopefully glean some really good information from your perspective once we get done.
So, for listeners, why don't you provide a little bit of background about who you are and how you found yourself in the plan audit world?
Brad Bartells: Sure. Well, thanks, Josh. I consider myself lucky to have fallen into the retirement plan industry. I've been doing this for over 20 years, and it was just by pure luck that I ended up working on retirement plan audits early in my career. No one goes to school or goes to college with a goal of I'm going to work in the retirement industry, there's no majors like that out there. So I just consider it lucky that I had a partner early on in my career that that had me work on a few of these retirement plan audits. It must have been fate. It was one of those things that just clicked. And I was like, wow, these are great. They make sense. And 20 something years later, here I am working on them. And fortunate that found a passion of working with plan sponsors, working with advisors to make the plans themselves better for the participants. And I work with a lot of great people in this industry.
One thing I like about the industry is just the passion of the people that work in this industry, they genuinely care about the well being of participants, and wanting to make a good outcome for them down the road. So, it's been a great experience, and I'm happy that I've got a lot of time left to work in it.
Josh Itzoe: That's fantastic. Yeah, I totally agree just in terms of, the specialist retirement community, it's a pretty small, tight knit community, and it is very passionate and I think very much a community that's focused on really helping people. That was the one thing that came through I feel like in our interactions so far is that don't take this the wrong way, but plan audits usually aren't the sexiest part of kind of the whole retirement plan process, but I think you've found a way to be really, really passionate about it, and that certainly comes through.
So maybe one of the places to start is, what are some of the DOL areas of focus I guess in 2021 just in terms of the exam cycle? And maybe that's a good place to start to kind of tee up this conversation and where we go from here. What are you seeing in terms of what the DOL is going to be focused on, and what do plan sponsors and advisors who are supporting those plan sponsors, need to be aware of and need to understand?
Brad Bartells: Definitely. What we've heard, and I've been fortunate to be in a number of webinars where there's been actual members of the Department of Labor talking about what they're going to be looking at in their focus, a growing area of focus that the DOL is looking at is cybersecurity and plan sponsors, cybersecurity policies at their own company, and then the cybersecurity policies they have with respect to the retirement plan. They're starting to look at that more and more as they go into their exam cycle. And they don't have any specifics on exactly what they're looking at. They just know they're going to start asking questions. It's kind of an evolving area of focus for the Department of Labor, but it's definitely on their list of hotter topics they're going to be looking at in their exam cycle.
One area that they mentioned they're going to look at is forfeiture accounts. So, in those 401k plans, they're looking to make sure that those forfeiture accounts are being used the way that the plan document says to use them and they're not just growing every year. Typically, those are supposed to be used to pay expenses or to be reallocated to the participants. So they want to make sure that plan sponsors are using those forfeiture accounts the way they're supposed to be used.
Josh Itzoe: Yeah, not building a war chest. That seems to be something they've been focused on for quite some time as well.
Brad Bartells: Yeah. So continued focus on that this year. And always favorite focus of them are the late deposits, the employee contributions, I think that's going to be forever at the top of their list. It's continued focus there, that's one of their favorite things to look at. One of the favorite things that we look at as part of our audits when we're doing audits and plan sponsor. That'll probably never go away. They want to make sure that participant's money is getting in as soon as it can.
Josh Itzoe: We've always heard too that, let's say that you're making deposit as an employer, and it takes you five days, and then you get turned around in two days at some point, that kind of sets the bar, the standard in the mind of the DOL and the IRS, that you may have been doing it in five days, but if you can do it in two days, you should be doing it in two days. Is that a fair assumption or?
Brad Bartells: Yes, that is. So the Department of Labor, they say that plan sponsors need to remit those employee deferrals as soon as administratively feasible. That's their official language. So, you're correct in what you said. If a plan sponsor shows the trend that they can do it in five days, four days, five days, then all of a sudden, it drops to two days a couple of times. That's the new level of standard because they've demonstrated, hey, you can get it there in two days. So all of a sudden, a five day deferral could be considered, or a five day remittance period could be considered late in their minds, if they were to look at it.
Josh Itzoe: What's your experience just in terms of, it's interesting in this business, and a lot of times, we talk about the big headline, I see this all the time around some of the fear mongering around fiduciary liability and a lot of folks in our industry use it more as a way to try to I think scare plan sponsors into hiring them. And, obviously, fiduciary liability, it's real. It's certainly possible, but in many cases, for probably the vast majority of plans, unless there's fraud or something that's happening, it's pretty improbable. That's not to say that you shouldn't be aware of it, but it's probably not as big a real threat or risk as we like to say that it is or that you see with the headlines with a lot of these ERISA litigation cases.
I kind of equate it to, when I get in my car, I've got potential risks when I'm driving my car, It's a 2000 pound bomb or whatever. But I don't really have liability until I cross over the center lane because I'm texting and I run head into somebody. And so, when you see kind of late remittances as an example, how does the DOL typically, how have you seen them respond to that? And have you seen them be reasonable from that perspective or do they really bring the hammer down? What generally, some of these things where you see there's risk, what's it like in the real world when plan sponsors actually run into some issues?
Brad Bartells: There's been a few exams I've been a part of where the Department of Labor has picked one of my clients for an exam. They usually go back three years, and so, they're going to look back on a three year trend. And unless there's something egregious going on where they're holding the money for 30 or 45 days, they're typically not going to give the plan sponsor any type of a written, slap them with penalties or things like that. Typically, they're going to say, hey, these remittances were four or five days late, you just need to pay some lost earnings and remit a few lost earnings to the plan. So I've never personally been a part of a plan where there's been an egregious intentional withholding of the money.
You hear a few things like that in some articles and court cases and things, and that's where they really slap the plan sponsor with some fines and penalties on not following the rules. But typically, they're going to ask them, hey, you just need to calculate lost earnings on those days, or it should have been remitted and send that in, and then that clears it up.
Josh Itzoe: Other areas, are those kind of the main ones? Is there anything else?
Brad Bartells: Yeah, a couple other big ones they're looking at is, they're going to take a closer focus on loans that participants may have taken from the plan. And just ensuring that the plan and the plan sponsor are complying with the with ERISA requirements for plan loans, for what your plan documents says you can have for plan loans. Making sure that when a participant requests alone, that there's the proper paperwork and documentation there and that there's a standard repayment plan in place. So that's going to be continued focus.
They're going to take a little closer look at ESOPs, and especially if it's a privately held ESOP, where the stock of the plan sponsor is, it is a publicly traded, so it needs to get an appraisal every year to be valued. So they're going to take a closer look at those privately held ESOPs and how the stock is valued every year. So it's kind of a new focus this year, they're going to look at that. They're looking at required mandatory distributions this year a little closer, and they're making sure that plans are following those, their requirements for when employees have to start taking required distributions, that plan sponsors have processes to track down participants to say, hey, you've got to start taking money out now. And this is what you have to do to make sure that those required minimum distributions are being done timely and properly.
One other thing they're looking at is if there is an exam and there are findings that the DOL has, they're going to do more follow ups with those plan sponsors to see, hey, are you complying with these findings that we found in your corrective action plans, just doing a little closer follow up with that. Those are kind of the big areas they're looking at.
Josh Itzoe: Is there much just in terms of, obviously, there were a lot of things happening in 2020 with the CARES act and whatnot. Is there any guidance around how they're going to be evaluating or looking into some of the things that happened relative to the CARES Act, and some of the changes that were made that allowed participants to get access to money a little bit more easily than normal?
Brad Bartells: Yeah, nothing specific on that. I think it's such an evolving area of the industry that they don't want to put out anything specific. I would think that as we get farther into 2021 and they kind of put out their hot topics that they're going to look at in 2022, we might expect to hear a few areas they're going to look at related to CARES and SECURE. But nothing that they specifically said, yeah, just because of the fluid situation of all those requirements.
Josh Itzoe: Right, right. Yeah, that makes sense. You mentioned cybersecurity, and that's obviously, we're seeing that from a litigation perspective, and we're seeing enter into some of these cases, the Abbott Labs case that was filed in April of last year. I know that's had some headway and whatnot. But cyber is obviously becoming much more of a focus. And you had written a really good LinkedIn post about just cybersecurity controls in general. So, maybe talk a little bit about that. In terms of processing controls, what should plan sponsors be doing? How does Department of Labor want to actually see them putting in place practices or processes to have a policy that they're following?
Brad Bartells: That's a good question. And this is just going to be one of the hot topics in the coming years related to cybersecurity, and who's responsible for it. Is the plan sponsor responsibility? Is it the service provider's responsibility? Is it the participant's responsibility? And the answer would be yes to all of them. It's got to be a collaborative efforts.
Plan sponsors, they have to give their participants and their employees education on what to do and what not to do. Kind of the basics on don't click on those strange links and emails and things like that that would immediately give the bad guys access to data in the employer system. So employer education to plan sponsors, or the participants, is just the front line of defense.
Other things that plan sponsors need to do is there's those pesky SOC 1 reports that auditors ask about. And those are the reports of internal controls at your service providers. So commonly your payroll provider or your custodian record keeper. So your Vanguard, your Principal, your Mass Mutual. And a lot of times plan sponsors think that those reports cover IT security. And they may and they may not. So a lot of times, plan sponsors may need to go an extra step and ask those record keepers what specific IT controls do you have to protect my participants and my employee's data? And so, they may need to go some extra steps.
There are other types of SOC reports that are specific to IT security that they need to ask for, it's a SOC 2 report, is more specific to IT security as service providers. So they may want to start asking for those, reviewing those SOC 2 reports that are specific IT security to understand are there any risks and weaknesses of their service providers. Those are probably the big areas, is employee education and understanding your service providers and how they are reviewing their IT controls to make sure that the bad guys can't get in.
Josh Itzoe: I'm not sure I've ever met a committee member who's read a SOC 1 or a SOC 2 report. So that's my question is, a lot of times, are you actually finding plan sponsors that are reading through this or they're getting those reports and they're kind of filing them in folder and checking the box and saying, okay, great, I got this document, but not actually doing anything with it?
Brad Bartells: Yeah, I would say that they're not even doing that. A lot of times, we will get out to an audit and we will ask for that. And they'll say, huh, what is that. And especially if it's a new audit that they just don't know. And even continuing audits, we're still trying to train them on. You've got a responsibility to look at this to protect your participants. You need to know if your service providers are having issues that could jeopardize the data and assets of your plan participants. We usually ask the member of management, we're saying, you got to get these on an annual basis, read them, and then you want to provide that report to, if you have a committee or you have named fiduciaries or trustees, it's usually not their responsibility to read it. If management can report to them on the annual review, that's what needs to be done. But you got to document that you've done it too, so it's key to get that in your committee minutes.
I can tell you a number of stories over the years where I've had plan sponsors who did not read that SOC report, and then we go in and look at as part of the audit, we find issues, we go to the plan sponsor, they didn't know about the issues in the report. And it ends up that there was an issue that they needed to follow up that impacted their plan. It's rare but it does happen. I know Transamerica last year had a issue in their SOC report that a plan sponsor didn't know about. It's rare when something like that happens.
Josh Itzoe: I actually remember that issue. We had some clients that impacted.
Brad Bartells: So I had a talk with a plan sponsor about, you need to look into this and see if there are any issues. Like I said, it's rare, but when it does happen, everyone's radar goes up, to say, oh oh, what could happen. About 10, 15 years ago, there was an issue with Vanguard where they had problems calculating vesting calculations on participant distributions. And the client I was working on didn't know about that, when we looked at testing distributions, there were errors in every single distribution where there was a vesting issue. And so, that caused the client to have to go back and fix things way after the fact. So it's really important to look at those SOC 1 reports and read them on an annual basis, and document that as part of your fiduciary responsibilities. You're monitoring your service providers.
Josh Itzoe: Right, right. So how do you handle that? Things like that when they're failures, are you putting that in the management letter? How do you kind of negotiate that? It's been interesting when there have been findings for clients I've worked with in the past, and there's like this, they want to go back to you as the auditor and kind of horse trade, can we not put that in? How do you typically handle that with plan sponsors when there are findings that come up?
Brad Bartells: What I always try to tell when I'm marketing myself to potential new clients, or if I'm talking to a current client is, as an auditor, we want to be your partner, and we want to be an advocate for you. I think there's this impression that the auditor is trying to come in and get you. We're trying to zap you and find all the things that are wrong. And to a certain extent, that's correct, but we're really trying to help plan sponsors make their plan and their controls the solidest and the best they can be. In that slim chance that DOL or IRS came in, we've already addressed things, we've already found things before they find things because they carry a much bigger stick than we do.
So, I tell my plan sponsors, look, we're an advocate for you. We're partnering with you, we want to help you make your plan the best it can be. And so, if we find areas, we find weaknesses, if we find control testing exceptions, I want to tell you about it so that you can fix it and make it better. So, I tell them, look, we're going to give you recommendations, but we want to help you make your plan better. So, be open to those recommendations and don't think of them as you're doing something wrong. Look at it as an opportunity to make your plans solid and better.
Josh Itzoe: It's interesting, I've always told clients that these plans are so complex that they have operational issues and failures all the time. I think the DOL and the IRS would say that while plan sponsors would think that a plan with no issues is a healthy plan, I think actually the sign of a healthy plan is when you find issues, and you fix them, because all of these plans run into issues and operational failures from time to time. I actually think the DOL and the IRS, what they want to see is not that you think you're in perfect shape, but that you have a process in place to find those issues, and when you do find them, that you take appropriate action to correct whatever those issues are. But then also, do something, put something in place to make sure the likelihood of that error occurring in the future is minimized as much as possible.
Brad Bartells: Yeah, definitely. When we come into an audit, it's not, is there something wrong? It's, yes, there's something wrong and we just have to find it. And obviously, we're not looking at 100% of the participants or the transaction. There's a good chance that we could, through our audit testing, we may not find something just by chance because we're only sampling.
Josh Itzoe: What's the sample size you typically use? Is it like 25%?
Brad Bartells: It really varies from plan to plan. It's based on the number of participants in the plan. It's based on the total assets in the plan. It's based on the active, so you've got the eligible participants, but then there's also the active participants, which could be a drastically different number depending on the type of employees the company has. So I'm going to just say it depends, it really varies on a number of variables. But it's typically based on the number of participants and the total assets in the plan. We calculate some numbers, we'll pick some participants to test and some transactions to test. But it really varies. It's kind of hard for auditors to give away what their materiality is and how sample sizes come up. So, a lot of it depends on a lot of different variables.
Josh Itzoe: Right. You know, it's interesting, I have had some clients that went through operational issues. The first thing they say is, why did my auditor catch this and we have to have a conversation with them, well, they're only sampling part of the plan. So if the error occurred outside the sample, well, of course, they're not going to find it. So we actually ran across a client one time that they had incorrectly calculated their true up for like a decade. It was a major, major hassle and headache. I go back to one of the things that I think from an industry standpoint, we talk about fiduciary liability and that risk, and we talk about that all the time. I do think that is possible, improbable for most plans.
But I actually think the greatest risk for companies and plan sponsors is actually operational failures, the ones that a group of employees, because the payroll system, there was a glitch, got excluded from the plan for two or three years, and it was found, and then you move outside of being able to self-correct, and you have to go through a VCP. Next thing you know, you spent $100,000 fixing an issue. That is a much greater risk to plan sponsors, in my opinion, than the threat of being sued for fiduciary liability or breach of fiduciary duties.
Brad Bartells: Yeah, I can see that definitely. And that's more what we're looking for as part of the audit procedures is the test that we do are looking to make sure that the plan is operating in compliance with the plan documents and DOL requirements. And so, a lot of our audit focus is really guided by what the Department of Labor has laid out and what they want audit firms to look at. To your point about why didn't the auditor's catch something, it could be because we're not looking at a lot of other ERISA compliance areas. We're kind of really focused on what does the Department of Labor want the audit firm to look at. I know enough to be dangerous. And so, if I see something that's a little outside of this doesn't seem quite right, I might ask questions about it. But if it's an ERISA, I'm definitely not going to give any advice on that, I'm going to point them in the direction of an ERISA attorney, if there's something else going on.
So that's why the way the audits are designed, it's to make sure that all eligible participants are in the plan. And to your point about a group of employees being excluded. I'd like to think that we've got an audit plan designed where if all of a sudden, a whole bunch of employees disappeared from the census or disappeared from payroll, we would look at that and go, what changed? What's missing here? I think that an experienced audit firm that does a lot of audits that knows what they're doing, would catch big things like that, because it's just the way the audits are designed. If a firm knows, plan audit knows what they're looking for, if there's big changes like that, something that just completely doesn't make sense compared to the prior year, they're going to catch things like that, big things like that definitely are going to be caught.
Josh Itzoe: I don't know if this falls into kind of your scope. With COVID and with the impact on certain sectors of the economy and companies, I think there was some relief provided, but partial plan terminations is something that we've seen start to kind of creep up a little bit. I believe there was some relief, maybe through March 31st of this year, if I'm correct, where perhaps you had a partial plan termination, technically, it's a 20% more rif if you will. But if maybe a hired employee is back, I don't know all the specifics, but I think if you had hired employees back to get under that threshold by I believe March 31st, that there was some relief.
Brad Bartells: You're correct. So I believe it was the end of March. If you were to bring those employees back up above that 20%, then you don't have to consider that a partial plan termination. So, it's kind of one of those subsequent events that the audit firm will be looking at for the year if they see a large reduction in employees, the audit firm should be asking, well, did you hire them back, to avoid all those immediate vesting of employer accounts.
COVID really is going to bring some interesting challenges to the audits this year. With plan sponsors, employees potentially working remotely, a lot of processes for how HR and finance management plan could really change from 2019 to 2020. We're going to be asking you plan sponsors, did your employees work remotely? And if you did, how did you still make sure that new hires got into the plan properly? How did you make sure that new hires were input into your payroll system correctly for the right pay rates? Who was reviewing and accruing those to make sure that a fake employee wasn't put into the payroll system while no one was looking, because if no one's minding the shop because everyone's working at home, things could slip through the cracks a lot easier.
So, I would think that plan auditors this year are going to be asking tougher questions to plan sponsors to really understand how did you make sure that this bad thing didn't happen or this error didn't happen, because with employees dispersed all over the country, in their homes, processes controls could be up-ended, and there could be some issues in more recent plans. I wouldn't be surprised if plan auditors were asking more questions this year, and looking at more samples and looking in more areas where they don't normally look, because there's a lot more risk this year of errors and noncompliance with your plan document or Department of Labor guidelines. It's going to be an adventurous audit year I expect.
Josh Itzoe: Right. Right. So, maybe leading into that then, what would be some of the tips that you would have for how they prepare for an audit? And then maybe a follow on to that is, what are some things that advisors can do to actually support the audit process?
Brad Bartells: Sure. No, that's really good. I think this is a good question. The audits that I'm a part of that go really smooth, it's really where a plan sponsor is committed to the process. They really want to know, they've got someone in charge is the first thing, so they've got someone who really drives the audit process at their company and communicates directly with the auditor. So they're the one that sets the due dates in the calendar of events. It really works if everybody understands when all of the reports and payroll reports need to be to the audit firm to make selections. And everyone knows when the audit firm, hopefully this year is going to come on site for audits. That would be nice if we could go back to face-to-face audits this year.
And when the audit firm shows up that everything is ready, so that your audit firm can just jump in and hit the ground running right when they walk in, it's really inefficient when you walk in the door, and the plan sponsor says, okay, let me go grab everything, or let me go pull those. That slows the process down. So being that commitment to being ready for the audit and being committed to the audit process, and making sure it goes smoothly, just goes so much better.
Josh Itzoe: What percentage of your plans would you say are really prepared when you walk in the door?
Brad Bartells: Are fully committed to the process? Gosh, I'd probably have to say 25%. And I really work to get that number up. We can get done in about two days, the field work, and if they're committed to chasing down those open items and questions we have when we walk out the door, we can get them a draft in about two weeks after we walk out the door, draft financial for them to review, that's a really good process and that's the best case. The ones where they're not committed to the process where they just let it drag out, those are the ones where we're filing it on October 10th, right up to that October 15th due date. There's really not a reason unless there's some really catastrophic operational error that needs to be fixed, that the audit shouldn't go that long.
So that's probably my biggest tip to making the audit process go smoother is be committed to it, be committed to those due dates and those audit requests. Make time for the auditors to answer their questions. We understand that it's a disruption to their business, and they'd much rather be helping their customers and running their business. And so, our goal is to get in and out as fast as we can. And so, if everybody's committed to it, we can get out of there really fast. And part of being committed to the audit process I think we kind of touched on it earlier is, look for value in the audit, talk to your auditor about, how can I improve my controls, how can I improve my processes.
Just remember what we talked about before, we're there to help you, we're there to be a partner with you. And if the plan sponsor has that mindset, that this is to help me improve my operations and my plan, it'll just be so much smoother. It's hard to call an audit an enjoyable process, but it can be, it doesn't have to be painful, either.
Josh Itzoe: And so, kind of hearing that forward, one of the things we've done over the years, which I think can vary from client to client, but it definitely wins from just a client satisfaction standpoint, is offering to provide some help during the audit. So, maybe talk a little bit about what are some of the information or the documents that you're requesting, and maybe we can talk about where advisors can help in that so that the plan sponsor isn't kind of flying blind, and you're not having to take a bunch of time gathering information, you can actually be doing the field work instead of the go between.
Brad Bartells: The go between, definitely. So, for these audits, there's usually two areas where information comes from. We're asking for a lot of payroll and personnel file information. And that's going to come directly from the plan sponsor because they've got those payroll files and personnel files there. That's really the largest area of information that the plant sponsor needs to provide. Advisors and TPAs a lot of times will provide the custodial reports, the trust statements that come from your Principals or your Vanguards of how well the participants statements, participant records and investment records. So that's where that initial request comes from.
Then when we get down to the detailed requests, so if we pick a sample of distributions from the plan for testing, it kind of depends on who is responsible for getting that information. So, a lot of times, when we put out those requests for the specific participants that we're going to test, it may be beneficial for the plan sponsor, any advisor to have a quick talk about, okay, you're going to get this, this and this, and then TPA or advisor, you're going to get this, this and this gives because you've got better access to it. So a lot of times, it's a quick five minute conversation of who's going to get what from where.
Every plan is a little different as far as who has access to what. And so, we're very flexible for working with plan sponsor, you're going to get this and advisor, you're going to get this, or no, we have direct access to the custodial website, we can pull reports directly off of there. There's a lot of different ways to do it. But I would say the best thing to do would be for advisors and management to just have a quick talk about where information is going to come from, instead of just assuming that it's the others going to get it. If you weren't where that's happening, it causes a delay. But just the more communication, the better. These things always go better when we're all talking together.
I've even had audit planning meetings with management with the adviser and us just to set up hey, here's the team, here's who's doing what, here's who's coming from where. A quick 15 minute phone call saves a lot of time on the back end.
Josh Itzoe: That's great. Are you asking for things like meeting minutes or investment reports or anything that typically advisors might cover or fee benchmarking or anything like that, or does that really fall outside the scope of the audit from your perspective?
Brad Bartells: We do ask for meeting minutes as part of the audit. We read through those just to get a feel for any big decisions that may have been made during the year, any big events. But we don't get into the details of fee benchmarking or investment review. That's a little bit outside of what we're looking at. But the minutes we definitely look for. It just gives us a feel for what happened during the year. If there were any big amendments that happened during the year that might impact. But we don't get into the nitty gritty details of what's in those minutes unless there's some big plan minutes or a big event that happened. We'd like to see it because that's a warm feeling if we see discussions of fee benchmarking and investment reviews, because it makes us feel better that, wow, these guys are really monitoring their plan and keeping a good look at it. So, it gives us a better feel that we've got a good solid plan to look at. But we're not going to really ask for those specifics.
Josh Itzoe: Got it. Just out of curiosity, what percentage of the plans that you audit provide minutes, actually have minutes, and what does the quality of those minutes typically look like?
Brad Bartells: I'll divide it up here. So for the plant that we audit that use and outsource 316 or 338, 100% of those plan have minutes because they're doing a great job documenting. For the other plans, where they're their own trustee, or they don't have an outsource fiduciary helping, probably less than half keep minutes. And of those that keep minutes, they're very high level and very brief. So not a lot of value in them.
It's always an audit recommendation to make sure you keep those minutes because you need to document that you're doing your duties, and there's no better way to do that than keeping those meeting minutes and keeping details of when you're doing investment, benchmarking and fee benchmarking, how you're monitoring events in the investment world for risks to your investments. When you put an investment on watch to monitor that, to show that you're documenting, that you're protecting your participants and doing your fiduciary duties. So usually, it's very common at least in the audits that I work on that we've got recommendations to enhance the minutes or start keeping minutes at all, let's take baby steps.
Josh Itzoe: What would you say, just in terms of, what should plan sponsors be looking for in an auditor? You mentioned something a little bit earlier, and I hope you take this in the spirit that it's intended, but you mentioned that they should look for value in the auditor that they use and in the audit process. I actually think that's one of the challenges with a lot of plan audits, is that just been my experience over the years. And this was part of the reason why I was so interested in interviewing you is, a lot of times these audits and auditors, many of them I think are not viewed as a value add by clients. It shouldn't be, but there's just for whatever reason, it's viewed as more of an obligation and not an opportunity. Maybe that's a good way to describe it.
But I also think that comes down to probably the quality of the auditor to engage with the plan sponsor, and have more quality strategic discussions, or value added discussion. What would you say plan sponsors should look for, and I know in part, the DOL had a small firm initiative a number of years ago, and they did some studies, JD Carlson is going to make fun of me because I'm going to reference this, but I actually wrote about it. I have a whole section in the book about what to look for, or a chapter about what to look for in an auditor. One of the things I cite is this research that was done, I believe, maybe the DOL, maybe they did it, or maybe they hired a third party to do it. But what it showed was that the power of specialization for auditors that audited, I think maybe the number was like 100 plans, but a large number of plans showed far fewer errors than auditors that maybe have four or five plans. And it's just the power of specialization.
And I think what happens a lot of times is you get a CPA firm or you get an auditor. They may not do many plan audits, but they do it for the client, one, because CPAs like everybody else is kind of in the business of helping clients. But it's also as a way to kind of protect their flank because they don't want somebody who is a specialist like you coming in and doing the audit in year one. And then next thing you know, bidding on the entire engagement a couple of years later. So, what are your thoughts as far as that goes?
Brad Bartells: It's a great question. Retirement plan audits, it is a very specialized industry. If you were a plan sponsor and you were a casino, or a hedge fund, you're going to hire a CPA firm that specializes in casino audits or hedge fund audits. It should be the same way for if you have a retirement plan. You want to hire a firm, regardless of who it is, that understands those audits, because there's a lot of unique industry specific things about retirement plan audits. You mentioned it before, it's very common, that plan sponsor all the sudden has a 401k plan that's grown into that audit requirement. And they just try to rope in their firm, their current audit firm do it and it may not be the best choice because they don't do any.
Things to look for. If a company is interviewing CPA firms to look for, one of the big things to look at is is the CPA firm a member of the Employee Benefit Plan Audit Quality Center at the AICPA? Firms that are members of those are firms that specialize in those audits. And they're a member in the Audit Quality Center because they meet certain requirements to be a member of that Audit Quality Center. The key one is that they provide annual education to their audit staff on auditing benefit plans. So their team is continually getting their continuing professional education in ERISA audits and retirement plan audits to keep them up to date on the new changes.
A thing to look at is, look at, ask the firm about their peer review, and does their peer review, which is every three years, but did it include employee benefit plans? And were there any findings related to their employee benefit plan audits? That's always a key one.
Josh Itzoe: And a peer review just for listeners is when essentially you get audited by-
Brad Bartells: By another firm.
Josh Itzoe: By another firm, correct?
Brad Bartells: Exactly. So another firm comes in and looks at our audit work papers to make sure that we're meeting audit standards and doing it the right way. It's kind of how the industry self-polices itself to make sure that we're doing things the right way. Make sure peer reviews are working. You want to ask the firm about have they ever been subject to any department of labor investigations and reviews of their audit files specific to benefit plan audits, and if there were any findings or sanctions. Probably rare that it could happen.
Josh Itzoe: I feel like there was a small firm initiative where the DOL started to go, when they found some of these, the equivalent of what I would call a recreational 401k advisor. Someone maybe has a couple of plans, but certainly doesn't specialize. But I believe there was like a small firm initiative, wasn't there where, was it the DOL that essentially looked at these non-specialist CPA firms, but really looked at their clients?
Brad Bartells: It was a couple of years ago, they did a survey. And I can't remember what the the stratification or the breakdown was, but it was definitely, there was a definite difference in firms that did 100 or more, and firms that did under 100, and then you get under 100. And the difference is in the number of findings and errors in any audit finds, this is really how they were rating it, and non-compliance with what the DOL wants the audit firm to look at.
And then as you got under 100, it really got larger for firms that maybe did five or less, and firms that did 20 or less. They really kind of stratified it that way, how the error rate really went up. And it just shows that the more you do, the more you understand it. The expertise of the partners and the staff that do the audits.
So the ICBA, they have some great resources for plan sponsors on that audit quality center that are free for plan sponsors to look at. They've got some documents on how to prepare an RFP for a 401k plan, good questions to ask, good questions to include. And they have tips on how to select an audit firm that kind of have a few of the bullet points we talked about, but a few other areas for plan sponsors to consider. So the audit quality center, that part of it for plan sponsors is free for them to go on and look for that information. So it's nice to put that out there for plan sponsors to find a quality audit firm for their retirement plan.
Josh Itzoe: I'll make sure to put a link to that in the show notes as well. I know a lot of auditors and I know some really, really good auditors, but you seem to really care about that kind of value add and actually making recommendations to clients, things to think about. You had a recent blog post around meeting minutes, which I thought was really interesting. And you seem to really enjoy talking to or providing more that thought leadership. what's been kind of the response in the industry and kind of in your network and within prospective clients? has it been good for you from a marketing perspective? what got you into really wanting to get into some more thought leadership around fiduciary best practices and retirement plan best practices?
Brad Bartells: a lot of people have this impression that the CPAs and the auditors, we just sit there and bang away on our computers and crunch Excel spreadsheets, where we got the advisor on where the bean counters just count things. I really like this profession because I get out and I get to talk to people. And that's the enjoyable part of this job is doing things like this. Looking at issues and being able to figure out where are the issues and what do people need to know about. And the more I've done it, the more people I've met, it's been amazing to meet people all across the country, and be able to talk to them and share thoughts and share issues and solutions with each other. And it really helps me broaden my understanding of what are plan sponsors looking at and what are issues they need to look at.
And I found out that there's a lot of people that really have those questions, but they never really knew where to go for an answer. So it's really enjoyable to have people poke me on LinkedIn or send me an email about hey, I saw your thoughts on this. What about this? And just being able to broaden the network and talk to people. And it makes me think about the issues a little bit differently. It makes me kind of think about things not necessarily for how they impact a financial statement, but how are they impacting the plan sponsor and how are they able to serve their clients the right way and serve their employees the right way. What are the value adds that I can give? How boring is it if your audit firm just walks in and hands them an audit report, then they walk out, you don't see them for a year.
I try to tell my clients that look, I'm here year round. If something comes up, call me. This is a year round relationship. Yes, we only do the audit two, three days a year, but call me if you got a question. Rope me in to your quarterly advisory meetings if you want my thoughts on something. I enjoy that stuff. It really makes me feel better when they sleep better at night and that's just part of being in client service and helping your clients out.
Josh Itzoe: Do you have any clients that bring you into committee meetings?
Brad Bartells: A few. It's pretty rare. I have a couple where they may call me. Typically, it's leading up to the audit, to be honest, to try to understand the timeline of things. I have a couple that have called me in the middle of the year and they just want me there on the call to give my input on something they're doing to see how it might impact from an audit or a financial statement perspective. But it's a few but I'm always staying there for them. That's part of the agreement, part of the relationship.
Josh Itzoe: One of the things I think is key to relationship management is those touch points. That's why I think having regular committee meetings, it's really hard to get dislocated from a client if you're seeing them every three months, every quarter, even every six months, but you're in contact maybe with them, or you're checking in, one of the things that we did a couple of years ago, we just do like a biweekly standing call, or bimonthly standing call with clients in between committee meetings. And that was a big hit with them. It's really important relationship management wise. If you're only on site a couple of days a year to actually do the audit, that's a good thing to be hopefully connected with them throughout the year so that it's harder to get kind of dislocated from the relationship, if that makes sense.
Brad Bartells: Yeah. And it's a lot easier to keep up with what's going on throughout the year. Even if it's just a quick 10 minute, hey, join the Zoom meeting at 10 o'clock and you'll be done by 10:15, just a quick touch base, that just helps keep that relationship solid. It helps you know what's kind of going on. So when you get to the end of the year, you don't have to do a complete, okay, what happened during the year, anything, or you already kind of know things that may have been going on or issues you've been able to resolve throughout the year instead of try to fix it all at the end.
Josh Itzoe: Speaking of that, with Zoom, so how has, with COVID, have you been on site to do audits, has it been all virtual? What's that been like?
Brad Bartells: Yeah, the last 12 months have been 100% virtual, which, thank God, we have Zoom and Microsoft Teams because I don't know how he would have done it without. It's really been a blessing to be able to do this. And it's really showed us that we can really broaden our services anywhere in the country. We can talk to anybody, we can see anybody, with secure emails and secure file transfer sites. We can serve a client anywhere in the country, which is really meaningful. And we really didn't think about it until we were forced into the situation. But clients have been really appreciative of having at least face-to-face Zoom meetings to try to get a little personal connection with it.
It was a little clunky at first because we had to ask clients, hey, you know all those payroll records that you just have on site, we need you to scan all those to us now. It was a little bit of a shock to the system at first. As COVID wore on, I think companies got more used to, hey, we're going to have to do this, and people figured out more efficient ways and better ways to do things. So I think even though this whole COVID experience was pretty awful, some good things have come out of it that we forced companies to use and will be beneficial and efficient going forward.
Josh Itzoe: Right. It'll be interesting. I know we had a number of clients at Greenspring that said, you know, let's start to do more committee meetings just virtually because it's more efficient, we can get it done. I think there's a lot of things, even look at participant engagement, from an advisory perspective, you still had a lot of plan sponsors that want advisors to be on site, to engage with employees. And when that's required and necessary, no problem. We have been trying to move clients, in 2018, 2019, to be more open to let us do virtual engagement with their participants.
COVID actually has accelerated that. We've seen a big spike at Greenspring in that virtual engagement. I think that's going to be here to stay, it's just easier, it's easier to engage with participants, than, hey, you got to carve out 30 minutes from your day to go into a conference room and sit down with the advisor. They can now schedule things like Calendly schedule a one on one really seamlessly and easily and it fits into their schedule. So, it'll be interesting to see some of the things that we had to adapt to during COVID that are now behaviourally just going to kind of stick with us moving forward. I think there's a lot of COVID fatigue, I know I'm fatigued by it. But at the same time, there are some good things I think that will carry forward, and that impact businesses like yours or businesses like ours. That is interesting.
You had mentioned when we were preparing for the episode, you'd mentioned a new audit standard that you had wanted to bring up. Maybe talk a little bit about that.
Brad Bartells: Sure. So there's going to be a change in the audits for 401k plans and limited scope 401k plans. And originally, this audit standard was going to be required to be adopted for the December 2020 year ends. But when COVID hit, it got delayed for one year. And so, CPA firms can elect to early adopt it now for 2020, but I think most firms are going to defer it to the December 2021 year ends. You may have clients and there may be plan sponsors out there who have a firm they're choosing to really adopted. If they do, there's a couple additional requirements that the plan sponsors are going to be subject to, the audit firm's going to ask for some additional information for their audit files.
One of the big changes before all that is, we used to know these audits, they were known as limited scope audits, where the custodian or the trustee provided the CPA firm with that certification statement.
Josh Itzoe: You can rely on that from a valuation perspective, right?
Brad Bartells: Exactly, yes. So the CPA firm was not required to do any audit procedures over those investments, or the income or earnings from those investments. So that's still going to be the case, but instead of being known as a limited scope audit, it's going to be known as an ERISA section 103(a)(3)(c).
Josh Itzoe: That just rolls off the tongue.
Brad Bartells: They made it really easy, didn't they? The theory behind it is the same exact thing. As long as that certification statement is provided, the audit firm still doesn't have to do any audit work over the investments. So, it'll still be, for all intents and purposes, that limited scope audit, but the official name is going to be that 103 (a)(3)(c) audits. And so, because of this, the opinion in the financial statements is actually going to change for these audits. It'll no longer be that disclaimer opinion, where the audit firm says we didn't do anything because of the Department of Labor requirements. Now it's going to look more like a traditional clean audit opinion that your plan sponsors company would get or you would see in any other audited financial statement. So, that's going to be one of the changes in the audit report itself will be that. That's going to probably be, you'll see that for the 2021 audits in most cases.
But what's the real impact on the plan sponsors? There's really some additional information that your audit firm is going to be asking you to provide into documents. And so, real quick bullet point on those things is, some of these will seem pretty obvious, and you're probably already doing them, but it's just now it's got to be documented. So your audit firm is going to want to know that the plan sponsor is maintaining a current plan document. I know that may seem kind of easy and straightforward, but I've really gone to plan sponsors and asked for an updated plan document, and they don't have it. So, the audit standard is making sure that the plan sponsor is taking responsibility for the plan and maintaining a current plan document. So they're going to be asking plan sponsors, please demonstrate that you have a current plan document on hand.
The audit firm is going to want to document that the plan sponsor is properly administering the plan and making sure that the financial statements are being prepared and reporting in accordance with the plan's provisions. So really, what does that mean? It means that the plan sponsor really needs to show the audit firm that I'm keeping proper records for my participants both from a payroll standpoint and from a 401k account standpoint, which they're probably already doing, it's just now you've got to more formalize it. You've got to document that the plan sponsor has an understanding that the financial statements are in a proper format that ERISA and the DOL wants.
Now, in most cases, I would say probably 99% of the time the audit firm is preparing the financial statements, it's just kind of what's done. I think it's very rare that the plan sponsor themselves prepares those financial statements. So even if the CPA firm which in most cases they prepare those financial statements, they have to have that discussion with the plan sponsor to document that the plan sponsor understands those financial statements and understands that they are being prepared in the right format for an ERISA 401k plan audit.
One of the other key areas is that the plan sponsor needs to document that they agree that the audit can be performed under that new 103(a)(3)(c) requirement, which is the limited scope requirement. So, this is probably something that will probably be the newest requirement that plan sponsors need to provide to CPA firms. Really what the plan sponsor is going to have to document is they're going to have to tell the CPA firm, let's say you're working with Principal. So the plan sponsor is going to have to show the CPA firm that Principal is a qualified institution that is qualified to issue that 103(a)(3)(c) certification. They need to document that the certification is worded correctly, that it covers all of the assets in the plan so that that limited scope audit can be performed. Really, they just need to provide a memo to the plan sponsor that I would think that, or to the CPA firm, that documents this. I would think that most CPA firms are going to come up with a bullet point template to give to a plan sponsor-
Josh Itzoe: I was going to ask if that's the case of like, hey, just-
Brad Bartells: Fill this in and give it back to me for my file, it'll be very simple.
Josh Itzoe: Right, right.
Brad Bartells: And the last big requirement is typically already done is that the audit firm needs to get a substantially completed 5500 before we can issue the financial statements. I would think in most cases, that's already being done because as part of the audit, we have to look at that 5500 and make sure that it is consistent with what's in the audited financial statements. But in some cases, there have been delays where the audit's done but the 5500 draft has not been completed yet. And now under this new audit standard, that will delay the issuance of the audited financial statements until we can look at that draft of the 5500 to make sure that it's consistent with the financial statements. So those are the big four areas.
Josh Itzoe: From an auditor's perspective, you worry about that, that that's, because most plans, they file an extension. Is that going to compress your timeframes or the fact that most plans file an extension anyways, you think you'll still get a completed 5500 in kind of the normal course that you normally do?
Brad Bartells: I don't think that is going to affect the audit anymore. I think that plans that file the extension, the audits are already timed because of that extension. So, I really don't see that being an impact. I think the only way that would impact the audit is if again, there were some sort of compliance errors noted during the audit and it caused revisions to the 5500. And so the audit firm is going to have to hold the financials until that revised 5500 is provided to them.
So those are the four big changes really. I'm planning on discussing this with my clients and pretty much providing them with like, here's what you need to give me so I can meet these new audit standards. Here's a memo that you can fill out and prepare just to give to me to show me you're documenting these. They're not complex, they're nothing new. I think it's things that plan sponsors were already doing. These audit standards are just now formalizing it so that the audit files now have it.
Josh Itzoe: Got it. As we're wrapping up, maybe could you talk about two or three of your best recommendations around how plan sponsors can mitigate risk as it relates to their plan?
Brad Bartells: Yeah, sure. As an audit firm, we're always looking at where are the risks to an error in the financial statements or an error in noncompliance with your plan documents. So a few key areas that I would leave with plan sponsors is, we talked about SOC 1 reports earlier. And I would say, make sure you're reviewing those. That tends to be a place where I don't see plan sponsors reviewing for risk mitigation is reviewing. Documenting that you're making sure that the service providers to your plan are still, they've got appropriate controls in place, that they're still viable service providers. They're processing 1000s and 10s of 1000s of transactions a day for your employees. You want to make sure that they've got solid controls and things in place. So, make sure you're documenting those reviews and reviewing and looking at those on an annual basis and making sure your service providers are solid.
An area that we always look at for the audit is payroll. Payroll is big because it directly impacts deferrals and contributions into the plan. As part of the audit, we're looking at payroll controls. And so we just want to make sure that plan sponsors are making sure that pay rate changes are reviewed and approved, that new employees input into the payroll system are reviewed and approved, to make sure that it's a real employee that's being put into the payroll system and not a fake employee. Just making sure that changes in deferral rates have proper reviews, to make sure that if an employee changes their deferral rate from five to 10, that it is input as 10% and not 1.0%, which could cause some problems.
Another big one we talked about meeting minutes, is probably the last one, is document those meeting minutes and making sure you got enough detail and to show that you are properly overseeing the plan from a fiduciary responsibility standpoint. The more you document, the more chance there'll be the if there is a lawsuit, that it won't have any ground to stand on because you've shown you're doing your work. Those are probably the top three that I would say that I see that I'm that I'm making recommendations for.
Josh Itzoe: Got it. Good advice indeed. Well, this has been a lot of fun and very informational for listeners, certainly from an advisor perspective. When we think about kind of the landscape, it's important, and ultimately, I think to deliver the best experience possible for a plan sponsor is when you get kind of all the professionals kind of working together and kind of in tandem and working for the benefit of the client, and ultimately, the participants. Like I said, I've been really impressed by just quality of your thought leadership and how active you've been in terms of getting your ideas out into the marketplace. I've actually forwarded a number of the things that you've written along throughout my LinkedIn network. So, I would say, keep up the good work from that perspective.
Where can people go to connect with you? You had mentioned that you can do audits all around the country now, especially from kind of this virtual perspective. And you're located in I think Sacramento, is that correct?
Brad Bartells: Yes, we're in Sacramento. The best way, if they want to look me up on my LinkedIn profile, it's got all my contact information there. If people want to find out more about me, that's probably the easiest way to look me up would be looking me up on LinkedIn.
Josh Itzoe: Okay, that's great. I will make sure to put that in the show notes. So, with that, thank you so much, Brad. I appreciate it and have really enjoyed having you on the Fiduciary U™ Podcast and wish you all the best.
Brad Bartells: Thanks, Josh. This has been a lot of fun. And hopefully, there's some information that can help people out there in the world. So, thank you very much, I enjoyed it.
Josh Itzoe: Absolutely. Thanks for listening to today's episode with Brad Bartells from MUN CPAs. If you'd like more information or learn more, go to fiduciaryu.com I've got some great resources there for you, including each episode along with show notes, articles, free tools, and online courses. And if you're an advisor, I've recently launched the Fiduciary U™ Advisor Community, and you can certainly apply for that. I'd love for you to be part of that community that brings together other A players and specialist advisors to help one another get better.
Also, make sure to sign up on the site so we can stay connected. I'd love to help you stay in the know about what's happening in the world of corporate retirement plans. And if you've got questions you'd like me to answer, topics you'd like me to discuss, guests you think would be a good fit for the show or any other feedback, I'd love to hear from you. Also, head over to Amazon and check out my two books, The Fiduciary Formula and Fixing the 401k. And if you want an easy way to support the show, I'd really appreciate you leaving a review on Apple podcasts. It's the best way to help other people find the show and I read each one. Until next time, thanks again for listening to the Fiduciary U™ podcast.
The opinions I express on the show are my own and do not reflect the opinions of my guests or the companies they work for. All statements and opinions expressed are based upon information considered reliable, although it should not be relied upon as such. Any statements or opinions are subject to change without notice. The information and content presented on the show is for educational purposes only, and does not intend to make an offer or solicitation for the sale or purchase of any specific securities, investments, or investment strategies. Investments involve risk, and unless otherwise stated, are not guaranteed. Information expressed does not take into account your specific situation, or objectives, and is not intended as recommendations appropriate for any individual. Listeners are encouraged to seek advice from a qualified tax, legal, or investment advisor to determine whether any information presented may be suitable for their specific situation. And past performance is not indicative of future performance.