Limited Scope 401(k) Audit: What It Is & When Needed
A limited scope 401(k) audit can reduce the amount of testing your auditor performs—but it doesn’t reduce your fiduciary responsibility. Here’s what “limited scope” really means, when it applies, and how it compares to a full-scope audit.
If your plan is approaching (or has crossed) the “large plan” threshold, you may hear your auditor or TPA mention a limited scope 401(k) audit. It can sound like a shortcut—and in some ways it is—but it’s also easy to misunderstand. The key is knowing what gets “limited,” what does not, and what your responsibilities remain as the plan sponsor.
Below is a plain-English guide to what a limited scope audit is, when you need it, and how it differs from other benefit plan audits.
What is a limited scope 401(k) audit?
A limited scope 401(k) audit is a type of ERISA plan audit where the auditor is allowed to exclude (or “scope out”) certain investment information from detailed audit testing—but only when that information is properly certified by a qualified financial institution.
This option comes from ERISA and Department of Labor (DOL) rules that permit an auditor to rely on a certification of investment information prepared by an eligible institution (commonly a bank, trust company, or insurance company) or a similar qualified entity. The DOL provides background on employee benefit plan audits and the auditor’s role here: DOL/EBSA Employee Benefit Plan Audits.
Important: “Limited scope” does not mean the audit is optional, and it does not mean the auditor is doing less work overall in every area. It means the auditor may reduce testing over certified investment information—not over contributions, eligibility, loans, distributions, or plan operations.
If you’re still getting oriented to audits generally, see What Is a 401(k) Audit and When Do I Need One? for a broader overview.
When do you need a limited scope 401(k) audit?
You don’t “need” a limited scope audit specifically—you need a plan audit when your plan is required to have one, and then you determine whether it can be performed as limited scope based on your plan’s facts and the certification available.
Most commonly, an annual audit is required when your plan is considered a large plan for Form 5500 reporting purposes (generally, when you have 100 or more eligible participants at the beginning of the plan year, subject to certain DOL rules and exceptions). The audit is typically filed with your Form 5500. For a plain-English explanation, read What is a Form 5500?.
You may be able to have a limited scope audit when:
Your plan’s investments are held by a qualified institution that can issue a proper certification (often your recordkeeper/custodian or trustee arrangement).
The certification covers the investment information the auditor would otherwise test (for example, investment existence and valuation as presented in the financial statements).
Your auditor agrees the certification meets the DOL requirements and is appropriate for the engagement.
Even with a certification, your auditor may still need to perform procedures around how investment activity flows through the plan (for example, contributions coming in and being invested, distributions being paid out, and whether transactions align with plan provisions).
Tip: If you’re close to the threshold, it’s smart to plan ahead. Late filings can get expensive quickly. See The High Cost of Non-Compliance: Penalties for Late or Rejected Form 5500 Audits.
How a limited scope audit is different from a full-scope 401(k) audit
The biggest difference is the auditor’s level of testing over investment information.
In a limited scope audit, the auditor generally:
Obtains and evaluates the certification from the qualified institution.
Does not perform detailed audit testing on the certified investment information (for example, certain valuation and existence procedures).
Still tests many other plan areas (eligibility, contributions, distributions, loans, administrative expenses, participant data, and compliance with plan terms).
In a full-scope audit, the auditor generally:
Performs detailed testing over investments (existence, valuation, and related investment transactions), in addition to other plan areas.
Does not “scope out” investment information based on a certification.
What stays the same either way: Your fiduciary responsibility. A limited scope audit does not shift responsibility away from the plan sponsor. The DOL makes clear that plan officials are responsible for maintaining plan records and ensuring filings are accurate and complete. (See the DOL/EBSA audit fact sheet linked above.)
How a limited scope audit is different from other benefit plan audits
Plan sponsors often manage more than one type of benefit plan. Here’s how the limited scope concept fits into the bigger picture:
403(b) plans: Similar ERISA audit concepts can apply, but 403(b) plans can have unique contract and custodial account structures. If you sponsor a 403(b), see 403(b) Auditors.
Defined benefit plans: These audits often focus heavily on actuarial information, benefit obligations, and funded status—very different from participant-directed 401(k) investment lineups. See defined benefit plan auditors.
ESOPs: ESOP audits can involve employer stock valuation and unique compliance requirements. See ESOP auditors.
Health & welfare plans: These audits emphasize eligibility, claims, premium/stop-loss activity, and participant contributions. See health & welfare plan auditors.
If you’re comparing audit firms across plan types, you can also browse all employee benefit plan auditors or start with 401(k) auditors specifically.
What your auditor will still test (and what you should prepare)
Even in a limited scope audit, the auditor typically performs substantial testing. Plan sponsors can reduce stress (and fees) by preparing early and gathering documents in a clean, organized way.
Common areas tested include:
Eligibility and participation: Are employees entering the plan on time and under the right terms?
Employee and employer contributions: Are deferrals, match, and profit sharing calculated correctly and deposited timely?
Loans and distributions: Are loans administered per the plan document? Are distributions supported and taxed correctly?
Administrative expenses: Are fees reasonable, properly allocated, and permitted by the plan?
Financial statement presentation: Does the plan’s financial reporting tie to records and disclosures?
For a practical checklist-style guide, review What Is Needed for a 401(k) Audit and Where Do I Find It?.
Common misconceptions about limited scope audits
“Limited scope means less risk.” Not necessarily. Operational issues (late deposits, missed eligibility, incorrect match) can still create real compliance exposure.
“Our recordkeeper handles it all.” Recordkeepers are important partners, but the plan sponsor remains responsible for oversight and accurate reporting.
“If we can’t do limited scope, we’re in trouble.” Not at all. A full-scope audit is common and may be appropriate depending on how assets are held and what can be certified.
Related compliance items plan sponsors shouldn’t overlook
A limited scope audit is only one piece of the compliance puzzle. Depending on your plan, you may also need to think about:
Form 5500 accuracy and timeliness: The IRS provides Form 5500 resources here: IRS Form 5500 Corner.
ERISA bonding: Many plans must have an ERISA fidelity bond to protect the plan from fraud or dishonesty. See What Is An ERISA Bond And How To Buy One? and browse ERISA bond providers.
Getting the right support team: If you’re re-evaluating your advisor relationship, see How To Hire A Retirement Plan Advisor and explore 401(k) financial advisors or ERISA attorneys for legal guidance when needed.
Conclusion: Use “limited scope” strategically, not casually
A limited scope 401(k) audit can be a practical option when your plan’s investment information is properly certified by a qualified institution. But it’s not a free pass—your auditor will still test key operational and compliance areas, and your fiduciary responsibility remains the same.
If you’re approaching the large-plan threshold or want a second opinion on whether your plan qualifies for limited scope treatment, start by talking with an experienced audit firm. You can compare qualified firms here: find 401(k) auditors (or browse all auditors if you sponsor multiple plan types).