When Do You Need an Employee Benefit Plan Audit?

  • Operations
  • 7/10/2025
Woman working on her finances at home

Key insights

  • The Department of Labor requires certain employee benefit plans to have an annual audit.
  • There are generally two types of employee benefit plan audits, and many plan administrators choose the type based on the degree of certification needed, compliance requirements, and cost.
  • In addition to satisfying the regulatory requirement, a 401(k) audit can offer beneficial insights that can lead to process improvements and stronger internal controls for your plan.

Does your 401(k) plan need an audit?

Talk to an Advisor

Employee benefit plan sponsors are responsible for making sure the plan complies with regulations, which includes engaging an Independent Qualified Public Accountant (IQPA) when the plan requires an audit.

Understanding when an audit is needed, what type of audit you need, and what that audit will entail can help keep your plan in compliance with IRS and Department of Labor requirements and avoid common mistakes.

What is an employee benefit plan audit?

An audit provides an independent assessment of your employee benefit plan’s financial statements, including testing plan-specific areas such as contributions, benefit payments, and participant eligibility; evaluating internal controls; identifying any operational or compliance issues; and issuing a formal audit report. Plan sponsors can use it to better understand the plan’s financial health and to help protect both your company and its employees.

As part of annual reporting and Form 5500 filing, 401(k) plans and other qualified   retirement plans with a certain number of participants with a balance in the plan must have an annual audit. 

Prior to 2023 Form 5500 filings, audits were required based on the total number of eligible participants, which included those that were actively participating, former participants that still had a balance in the plan, and also those that were eligible even though not participating in the plan. The rules have since changed to remove the requirement to include those who are eligible and not participating in the participant count.

What triggers a 401(k) audit?

Employee benefit plan audit requirements vary by the number of plan participants.

Retirement plan audit requirements for plans with fewer than 100 participants

Plans with fewer than 100 participants with a balance on the first day of the plan year can file Form 5500-SF, rather than using Form 5500. Form 5500-SF includes a waiver of the annual audit requirement and therefore there is no requirement to attach an Independent Qualified Public Accountant (IQPA) report to your filing.

Retirement plan audit requirements for plans with more than 100 participants 

Plans with more than 100 participants with a balance on the first day of the plan year are considered to be large plans and therefore must use Form 5500. 

In general, this means an audit is required — but there is an exception to this rule:

  • If your plan had previously filed a Form 5500-SF as a small plan in the immediate preceding year, you can continue to file as a small plan until the plan has more than 120 participants with a balance. 
  • Rather than using Form 5500-SF, plans that meet this exception would use Schedule I instead of Schedule H to report financial information. 
  • Once the 120 threshold is met, the participant count would have to drop below 100 to no longer require an annual audit.

Get additional details for when new Form 5500 rules may remove the annual audit requirement. Watch the on-demand webinar.  

What type of employee benefit plan audit do you need?

There are generally two types of retirement plan audits, and they differ in scope and cost.

ERISA (Employee Retirement Income Security Act of 1974) Section 103(a)(3)(C) audit — also known as a 103(a)(3)(C) audit    

When plan management elects a 103(a)(3)(C) audit, the audit need not extend to any statements or information related to assets held for investment of the plan by a bank or similar institution or an insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency, provided that the statements or information regarding assets so held are prepared and certified to by the bank or similar institution or insurance carrier in accordance with 29 CFR 2520.103-5 of the DOL's Rules and Regulations for Reporting and Disclosure under ERISA (qualified institution). 

The qualified institution must certify both the accuracy and completeness of the investment information. In this type of audit, the auditor does not provide an opinion on the investment information that is certified. 

Non-Section 103(a)(3)(C) audit — also known as an ERISA audit

In an ERISA audit, your auditor will not be relying on an asset certification and instead will be performing full audit procedures on the plan investments and related investment income. This audit will include an opinion over the investments and related income.

Does my 401(k) plan need an audit? If so, which audit do I need?

Both the 103(a)(3)(C) and the ERISA audits are acceptable for including in your annual Form 5500 filing. In general, the cost to perform a 103(a)(3)(C) audit is less than that of an ERISA audit. Most plan sponsors opt for a 103(a)(3)(C) audit    if they are able to obtain a proper certification over the investments and investment income.

Stay informed about the latest employee benefit plan rules and auditing standards. Get the report.

What happens in a benefit plan audit?

Once you’ve determined your plan must be audited and the type of audit you need, your plan sponsor must engage an IQPA. They’ll help complete the audit by the Form 5500 filing deadline, which is seven months after the end of the plan year, plus an additional two and a half months if an extension is filed.

The IQPA audits the plan’s financial statements, including procedures around: 

  • Investments (only in an ERISA audit, does not apply for a 103(a)(3)(C) audit)
  • Eligibility
  • Contributions
  • Loans
  • Benefit payments
  • Administrative expenses
  • Other areas as deemed necessary

The audit procedures will not only be performed as required under Generally Accepted Auditing Standards (GAAS), but will also take into consideration certain requirements of ERISA.

Part of the audit procedures will include documenting and assessing the internal controls of the plan. Informally during the audit, and formally at the completion of the audit, your auditor may provide recommendations for improvements in:

  • Internal controls
  • Plan processes or procedures
  • Resolutions for errors and/or compliance issues noted 
  • Other matters

Your plan auditor will also provide other formal, required communications at the completion of the audit.

Once your audit is complete and your auditor has issued the final opinion on the financial statements, attach your IQPA’s report to your Form 5500 filing and electronically file your 5500.

How CLA can help with employee benefit plan audits

A retirement plan audit can offer beneficial insights that can lead to process improvements and stronger internal controls for your plan. 

CLA is one of the leading providers of employee benefit plan audits in the country, and we offer compliance and consulting services that can unlock opportunities for more comprehensive results.

Contact us

Does your 401(k) plan need an audit? Complete the form below to connect with CLA.

Experience the CLA Promise


Subscribe