What Is Needed for a 401(k) Audit and Where Do I Find It?
Receiving notice that your company’s retirement plan requires an audit can be a source of stress for many HR directors and plan sponsors. However, the audit process is a standard part of ensuring your plan remains compliant and operates in the best interest of your employees.
Preparation is the single biggest factor in a smooth audit. Knowing exactly what documents are required, and more importantly where to locate them, can turn a potential headache into a manageable checklist. Whether you are searching for employee benefit plan auditors for the first time or looking to streamline your existing process, this guide covers the essentials of what you need and where to find it.
When is a 401(k) Audit Required?
Generally, federal law requires an audit when a plan covers 100 or more participants at the beginning of the plan year. These are classified as "large plans" and must file Schedule H with their Form 5500.
There is a notable exception known as the "80-120 Participant Rule." If your plan has between 80 and 120 participants at the beginning of the year, and you filed as a "small plan" the previous year, you may be able to continue filing as a small plan (avoiding an audit) until you exceed 120 participants.
If you have triggered this threshold, you will need to hire an Independent Qualified Public Accountant (IQPA) to conduct the audit. This isn't just for 401(k)s; similar rules often apply if you manage other plans, requiring a specific 403(b) auditor or defined benefit auditor.
The Essential 401(k) Audit Checklist
Your auditor will provide a specific request list (PBC list), but most audits revolve around three core categories: Plan Documents, Financial Reports, and Participant Data.
1. Plan and Compliance Documents
These documents prove that your plan is written correctly and follows IRS/DOL regulations.
Executed Plan Document & Adoption Agreement: The legal foundation of your plan.
IRS Determination or Opinion Letter: Proof that the plan structure is IRS-approved.
Summary Plan Description (SPD): The booklet given to employees explaining the plan.
Amendments: Any legal changes made to the plan during the year.
Fidelity Bond: Proof of insurance protecting the plan against fraud or dishonesty.
2. Financial and Investment Records
For most plans, you will likely opt for an ERISA Section 103(a)(3)(C) audit (formerly known as a limited-scope audit). This requires a specific certification from your custodian.
Form 5500: A draft of the current year’s filing and a copy of the prior year’s.
Asset Certification: A statement from a qualified institution (bank/insurer) certifying the accuracy of the investments.
Trust Reports: Summaries of total plan assets, gains/losses, and transactions.
SOC 1 Report: A report on the internal controls of your recordkeeper or payroll provider.
3. HR and Payroll Data
Auditors need to verify that eligible employees were offered the plan and that contributions match payroll records.
Census Data: A complete list of all employees (eligible and ineligible) with DOB, hire date, termination date, and compensation.
Payroll Journals: Reports showing gross pay and 401(k) withholdings for the year.
Distribution & Loan Forms: Paperwork supporting any money taken out of the plan by participants.
I-9s or Personnel Files: To verify hire dates and eligibility for a sample of employees.
Where to Find These Documents
One of the biggest hurdles is knowing who holds which piece of the puzzle. Here is a breakdown of where to look:
Your Recordkeeper or Third-Party Administrator (TPA)
Your TPA is your best friend during an audit. They typically have an online portal where you can download:
The Plan Document, Adoption Agreement, and Amendments.
The Asset Certification required for 103(a)(3)(C) audits.
Trust reports and participant account statements.
SOC 1 Reports: You must specifically ask for this or look in the "compliance" section of your provider portal.
Your Payroll Provider
You will need to log into your payroll system or contact your representative to generate:
Annual payroll summaries (W-3 or equivalent).
Individual payroll registers for specific pay periods selected for testing.
Evidence of timely deposits (reports showing when funds left the company bank account vs. when they hit the plan).
Internal HR Files
Some items must come directly from your internal records:
Fidelity Bond: Check with your business insurance broker or risk manager.
Meeting Minutes: If you have a retirement committee, the auditor will want to see minutes showing you reviewed plan performance and fees.
Personnel Files: Hiring documents and termination notices are usually kept internally.
Selecting the Right Auditor
ERISA audits are highly specialized. The Department of Labor frequently finds deficiencies in audits performed by generalist firms that do not specialize in employee benefit plans. Whether you need a standard 401(k) auditor, or you have more complex needs like an ESOP auditor or health and welfare auditor, expertise matters.
According to the Department of Labor's guide on selecting an auditor, plan administrators are responsible for ensuring the quality of the audit. A poor audit can lead to rejected filings and civil penalties.
To find qualified professionals who specialize in this niche, you can search our directory of providers. We help you connect with verified experts, ensuring your audit is efficient, compliant, and painless.