550 likes | 684 Views
PLAN MANAGEMENT RESPONSIBILITIES OVER FINANCIAL STATEMENT REPORTING Diane Wasser, CPA Amper Politziner & Mattia LLP Randy Watson, CPA Yanari Watson McGaughey PC. OUTLINE. PRUDENT GOVERNANCE USER CONTROLS and MONITORING SERVICE PROVIDERS INVESTMENT VALUATION SAS 115
E N D
PLAN MANAGEMENTRESPONSIBILITIES OVERFINANCIAL STATEMENT REPORTINGDiane Wasser, CPAAmper Politziner & Mattia LLPRandy Watson, CPAYanari Watson McGaughey PC
OUTLINE • PRUDENT GOVERNANCE • USER CONTROLS and MONITORING SERVICE PROVIDERS • INVESTMENT VALUATION • SAS 115 • PREPARING FOR THE ANNUAL AUDIT • COMMON ERRORS NOTED DURING AN AUDIT • CENTER TOOLS
PRUDENT GOVERNANCE • Fiduciary standards – no change, just more magnified in the current environment • What to do: • Have a Plan Governance Committee • Have Committee meetings regularly • Keep written meeting minutes • Consider an “Extra” meeting in light of economic conditions • Have an Investment Policy Statement • Address financial stability of service providers • Seriously consider an ERISA attorney relationship
PRUDENT GOVERNANCE • Critical to have an effective process to identify and manage risk • Governance culture!
Maintaining Effective User Controls and Monitoring Service Providers
Plan Sponsor Responsibilities • Plan sponsor is subject to certain responsibilities • With fiduciary responsibilities come potential liabilities • Fiduciaries that don’t follow basic standards • May be personally liable to restore any losses to the Plan • May be liable to restore any profits made as a result of improper use of Plan assets • Responsibilities include Plan administration functions • Maintaining books and records • Filing complete and accurate Form 5500 • Establish safeguards to ensure fiduciary responsibilities are met One way this can be accomplished is by implementing internal controls over financial reporting
Value of internal controls Internal controls protect your plan in two ways: • By minimizing opportunities for unintentional errors or intentional fraud that may harm the plan. - Preventive controls, which are designed to discourage errors or fraud, help accomplish this objective. • By discovering small errors before they become big problems • Detective controls, are designed to identify an error or fraud after it has occurred.
How to establish cost-effective controls • Controls should be based on a systematic and risk-oriented approach, to ensure that there are adequate controls in areas with high risk, and that controls are not excessive in areas with low risk. Before making the decision to adopt a control, analyze the costs of establishing and maintaining it, and consider: • The potential benefits the control will provide • The possible consequences of not implementing it
How to establish cost-effective controls • DETERMINE YOUR PLAN’S CONTROL OBJECTIVES- The first step in establishing controls over financial reporting at your plan is to determine the objectives of the controls, or what you want them to achieve: reliable financial statements that are prepared in accordance with generally accepted accounting principles. Controls should be designed to address components of the plan’s financial statements, such as plan investments, contributions, benefits, participant data and plan obligations, participant loans, and administrative expenses.
Monitoring Controls • Monitoring your controls is critical! • Monitoring should be designed to identify and correct weaknesses in internal control before they can result in a significant misstatement in your plan’s financial statements. • You should periodically review the design and operation of your plan’s controls, and make changes where they are not providing the desired results
Monitoring Activities • Your monitoring activities should address the following issues: • Are internal controls in place and operating? Establishing policies and procedures will have no effect if they are not implemented. • Is the system working as designed? • Are exceptions and problems identified and resolved promptly? • Are the controls periodically reviewed?
Internal Controls • It is important to keep in mind that your auditor, under his or her professional standards, cannot be a part of your plan’s internal control.
Contributions - Sample Controls • Amounts of contributions by employers and participants meet authorized or required amounts: • Contribution requirements or limitations are described in the plan instrument or collective bargaining agreement. • Contributions are determined using approved eligibility lists. • Actuary is used to make periodic valuations and reports.
Contributions - Sample Controls • Contributions are recorded at the appropriate amount and in the appropriate period on a timely basis: • Sponsor or employer payroll records are compared with contribution calculations. In the case of multi-employer plans, some form of periodic payroll audit is performed. • Initial controls are established over contribution records for both employer and participant contributions (e.g., salary reduction amounts, after tax and rollovers). • Clerical accuracy of contribution forms is checked
Participant Data - Sample Controls • Participant data entries are properly recorded on a timely basis: • Participant forms (e.g., enrollment, transfers, investment allocation, etc.) are controlled and are maintained for future reference. • The number of plan participants is reconciled using enrollment forms. • Participant data entries are updated and reconciled to employers’ personnel and payroll records (or participating employers in a multi-employer plan).
Participant Data - Sample Controls • Participant eligibility is determined in accordance with authorization: • Eligibility is defined in the plan instrument. • Access to participants’ data is controlled to prevent unauthorized changes or additions: • Employee participation refusals are retained for future reference.
Reporting - Sample Controls • Records are maintained in sufficient detail to provide for proper and timely reconciliation: • For defined contribution plans, the total of all participant account balances is reconciled to the net assets in the trustee’s/asset custodian’s reports on a periodic and timely basis. • Financial statements, actuarial information, disclosures, and supplemental schedules as prepared are complete, accurate, and in conformity with management’s authorization: • Procedures are established to identify required disclosure items, for example, party in interest transactions and transactions in excess of 5 percent of plan assets. • Review of all financial reports and filings.
The Importance of Monitoring Service Providers • Hiring service providers does not relinquish Plan Management’s ultimate responsibility for Plan operations • Plan Management must : • Oversee the providers and assess their performance • Meet regularly • Review reports provided
What does a SAS 70 mean to me? • It outlines what user controls are required. • It is not only for the Auditor! • It should be reviewed by Plan Management annually as part of the third party service provider monitoring effort.
INVESTMENT VALUATION • PLAN MANAGEMENT IS HELD RESPONSIBLE FOR INVESTMENT VALUATIONS AND FINANCIAL STATEMENT DISCLOSURES — Even where there are outside investment custodians, asset or fund managers, or other service providers to assist in determining the value of investments on a plan’s financial statements and Form 5500, the DOL holds plan management responsible for the proper reporting of plan investments. This responsibility cannot be outsourced or assigned to a party other than plan management.
INVESTMENT VALUATION • While management may look to a valuation service provider for the mechanics of the valuation, management should have sufficient information to evaluate and independently challenge the valuation. Therefore, it is important that plan management is familiar with the plan assets in which a plan invests and the methods and significant assumptions used to value them, especially for investments in securities or other assets for which readily determinable fair market values do not exist. • Controls to employ
INVESTMENT VALUATION CONTROLS Investment transactions are recorded at the appropriate amounts and in the appropriate periods on a timely basis: • Detailed subsidiary records are reconciled to trust reports on a regular basis • Control totals from participant’s records are compared to control totals from trust reports on a regular basis. Report of trustee’s/asset custodian’s independent auditor is reviewed • Purchases and sales (as a result of contributions, distributions, etc.)of mutual funds are reviewed to determine that the net asset value agrees to published quotations. • Purchases and sales are reviewed to determine that the appropriate fair value was utilized.
INVESTMENT VALUATION CONTROLS • Investment assets are protected from loss or misappropriation: • Responsibility for investment decisions and transactions is segregated from custodian’s functions. • Financial stability of financial institutions holding investments is reviewed. • Written-off investments are reviewed for possible appreciation • Access to computerized investment records is limited to those with a logical need for such access
INVESTMENT VALUATION CONTROLS • Investments (other than insurance contracts with insurance companies) are measured at fair value: • Quotation sources and appraisal reports are compared with recorded values. • Valuation methods are documented in the trust agreement or plan committee minutes. • Investment criteria and objectives are authorized and executed in accordance with formal authorizations: • Investment criteria or objectives are documented in the plan instrument or plan committee minutes
INVESTMENT VALUATION CONTROLS • Review monthly trust reports • Have regular communications with your investment manager • Compare quotation sources and appraisal reports with recorded values. • Compare values of pooled separate accounts and common collective trusts to net asset values calculated by the issuer.
INVESTMENT VALUATION CONTROLS • Obtain the financial statements of pooled separate accounts and common collective trusts and compare unit information contained in the financial statements for reasonableness to the unit values reported to the plan. • Document valuation methods in the trust agreement or plan committee minutes. • Have the plan committee approve the basis for “good faith” estimates including independent appraisals, if any, and document the basis used.
INVESTMENT VALUATION • Plan management should review investment reports detailing investment balances to ensure that they are accurate and complete and report appropriate investment values based on current or fair value as of the date of the report. • The type of services a trustee or custodian is engaged to perform will dictate what information is received. The typical custodial service provided by custodians and trustees includes providing values that are based on the best information available to them at the time of the report.
INVESTMENT VALUATION • In cases where the plan invests in assets without readily determinable fair values, and where the trustee or custodian may have been hired only to provide custodial services, the values in the trust report typically will be a pass-through of the values provided by the fund company or limited partnership for commingled funds, or by a boutique vendor or broker for non-marketable securities.
INVESTMENT VALUATION • In such cases, the reported values are based on the best information available to the trustee and custodian at the time of the report, which may or may not be fair value. • To obtain proper fair values for alternative investments one may need to contract for valuation services in addition to the custodial services provided or, if one has access to relevant information about the investment, they can perform their own valuation. In any case, it is important that management understands how the investment values are determined so they can make judgment regarding the reliability of the information in the reports.
INVESTMENT VALUATION • Plan investments must be valued as of the plan’s year-end. • Start to inquire NOW, if not already, as to whether custodians will provide the information necessary to prepare the required financial statement disclosures regarding the valuation inputs (Levels I, II and III) used to determine investments values.
INVESTMENT VALUATION • Investment certifications by banks or similar institutions do not relieve plan management of its responsibility for properly reporting fair values. • It is important to note that hiring an auditor to perform an audit--whether full scope or limited scope--does not relieve management of its responsibility for the completeness and accuracy of the plan’s investment information reported in the Form 5500 and the financial statements.
INVESTMENT VALUATION • An independent auditor may be a good resource to consult about the adequacy of valuation techniques and the related disclosures, Department of Labor and AICPA auditor independence rules restrict what non-audit (non-attest) services auditors can and cannot perform for a plan for which they perform the annual financial statement audit (for example, Department of Labor rules prohibit the auditor from maintaining financial records for the plan).
INVESTMENT VALUATION • A plan auditor may provide advice, research materials and recommendations to assist you in making decisions about the accuracy of investment valuations and the adequacy of the related disclosures, and in establishing internal controls surrounding your investment valuations and can also help with the financial statement preparation.
SAS 115 - Communications of internal control related matters to plan management • Effective for periods ending after December 15, 2009 • Conforms definitions of control deficiency, significant deficiency, and material weakness to those in PCAOB AS No. 2 • The term significant deficiency replaces the term reportable condition • Requires written communication of significant deficiencies and material weaknesses to management and those charged with governance • Should be communicated even if they were communicated in connection with previous audits
SAS 115 - Communications of internal control related matters to plan management • In an audit of financial statements, an auditor is not required to perform procedures to identify deficiencies in internal control (par. 4) or to express an opinion on the effectiveness of an entity’s internal control (Not like SOX 404) • However during the course of an audit, the auditor may become aware of control deficiencies while obtaining an understanding of internal controls, and assessing risk
Changes in Internal Control Communications • Main Changes • Revised definitions of material weakness and significant deficiency • Revised the list of deficiencies in internal control that are indicators of material weaknesses • No longer includes a list of deficiencies that ordinarily would be considered at least significant deficiencies • Illustrative letter has been amended
Selecting the Auditor Firm Information • Size, location, and history of the CPA firm • Whether the firm is a member of the AICPA Employee Benefit Plan Audit Quality Center (EBPAQC) • Number of employee benefit plan (EBP) clients • Number of similar type plan audits, including the size of each plan (by number of participants and/or amount of total assets) • Number of EBP clients gained/lost in the past several years
Selecting the Auditor States in which the firm is licensed to practice Firm references-especially from similar type plans-and specific contact information The firm’s latest Peer Review Report, Letter of Comments, and firm’s response (if any) (Also available for AICPA EBPAQC members at http://www.aicpa.org/ebpaqc) Whether the firm is subject to current litigation Whether the firm is the subject of any DOL, AICPA, or State Society Ethics findings or referrals
Selecting the Auditor Whether the firm meets the independence standards of the AICPA and DOL The firms’ working paper retention and access policies and requirements If filed with the SEC 11-K, whether firm is registered with PCAOB Whether the firm has insurance coverage (errors & omissions, workers’ compensation, etc.)
What to expect from the audit process • Disruption from your daily routine • Kick-off meeting • Planning fieldwork stage • Final fieldwork stage • Closing meeting • Final Product
What to expect from the auditor • Inquiries • Requests for documentation • Experience • Knowledge of plan terminology • Clear line of communication • Agreed upon schedule • Helpful recommendations!
What the auditor is expecting of you • Time • Documentation requested • Coordinate communication with third party providers • Financial statements
Utilize your service provider to help the audit process • Share your PBC listing with the TPA • Audit Package • SAS 70 • Documentation of participant transactions • Form 5500 • Testing results
What should the TPA provide the auditors? • As much information as possible up front • Provide timely answers to testing discrepancies • May depend on how much responsibility the TPA has with the plan, i.e., Are they the trustee? Custodian?
The TPA should provide… • Organized audit package • Detailed listing of participant balances • 157 information • Draft Form 5500 and all related schedules • Compliance and discrimination testing • Allocation of employer contributions • Loan roll-forward report • Distribution report • Transaction information • SAS 70 report, if available
What can you do to keep the fees down? • Be prepared • Respond timely to auditor inquiries • Allow time • Prepare or assist in preparing work papers • Do your own word processing