PLAN MANAGEMENT RESPONSIBILITIES OVER FINANCIAL STATEMENT REPORTING Diane Wasser, CPA Amper Politziner

1
PLAN MANAGEMENTRESPONSIBILITIES OVERFINANCIAL
STATEMENT REPORTINGDiane Wasser, CPAAmper
Politziner Mattia LLPRandy Watson, CPAYanari
Watson McGaughey PC
2
OUTLINE

• PRUDENT GOVERNANCE
• USER CONTROLS and MONITORING SERVICE PROVIDERS
• INVESTMENT VALUATION
• SAS 115
• PREPARING FOR THE ANNUAL AUDIT
• COMMON ERRORS NOTED DURING AN AUDIT
• CENTER TOOLS

3
PRUDENT GOVERNANCE

• Fiduciary standards no change, just more
  magnified in the current environment
• What to do
• Have a Plan Governance Committee
• Have Committee meetings regularly
• Keep written meeting minutes
• Consider an Extra meeting in light of economic
  conditions
• Have an Investment Policy Statement
• Address financial stability of service providers
• Seriously consider an ERISA attorney relationship

4
PRUDENT GOVERNANCE

• Critical to have an effective process to identify
  and manage risk
• Governance culture!

5
Maintaining Effective User Controls and
Monitoring Service Providers
6
Plan Sponsor Responsibilities

• Plan sponsor is subject to certain
  responsibilities
• With fiduciary responsibilities come potential
  liabilities
• Fiduciaries that dont follow basic standards
• May be personally liable to restore any losses to
  the Plan
• May be liable to restore any profits made as a
  result of improper use of Plan assets
• Responsibilities include Plan administration
  functions
• Maintaining books and records
• Filing complete and accurate Form 5500
• Establish safeguards to ensure fiduciary
  responsibilities are met
• One way this can be accomplished is by
  implementing internal controls over financial
  reporting

7
Value of internal controls

• Internal controls protect your plan in two ways
• By minimizing opportunities for unintentional
  errors or intentional fraud that may harm the
  plan.
• - Preventive controls, which are designed to
  discourage errors or fraud, help accomplish this
  objective.
• By discovering small errors before they become
  big problems
• Detective controls, are designed to identify an
  error or fraud after it has occurred.

8
How to establish cost-effective controls

• Controls should be based on a systematic and
  risk-oriented approach, to ensure that there are
  adequate controls in areas with high risk, and
  that controls are not excessive in areas with low
  risk. Before making the decision to adopt a
  control, analyze the costs of establishing and
  maintaining it, and consider
• The potential benefits the control will provide
• The possible consequences of not implementing it

9
How to establish cost-effective controls

• DETERMINE YOUR PLANS CONTROL OBJECTIVES-
• The first step in establishing controls over
  financial reporting at your plan is to determine
  the objectives of the controls, or what you want
  them to achieve reliable financial statements
  that are prepared in accordance with generally
  accepted accounting principles. Controls should
  be designed to address components of the plans
  financial statements, such as plan investments,
  contributions, benefits, participant data and
  plan obligations, participant loans, and
  administrative expenses.

10
Monitoring Controls

• Monitoring your controls is critical!
• Monitoring should be designed to identify and
  correct weaknesses in internal control before
  they can result in a significant misstatement in
  your plans financial statements.
• You should periodically review the design and
  operation of your plans controls, and make
  changes where they are not providing the desired
  results

11
Monitoring Activities

• Your monitoring activities should address the
  following issues
• Are internal controls in place and operating?
  Establishing policies and procedures will have no
  effect if they are not implemented.
• Is the system working as designed?
• Are exceptions and problems identified and
  resolved promptly?
• Are the controls periodically reviewed?

12
Internal Controls

• It is important to keep in mind that your
  auditor, under his or her professional standards,
  cannot be a part of your plans internal control.
  

13
Examples of Selected Controls for Employee
Benefit Plans
14
Contributions - Sample Controls

• Amounts of contributions by employers and
  participants meet authorized or required amounts
• Contribution requirements or limitations are
  described in the plan instrument or collective
  bargaining agreement.
• Contributions are determined using approved
  eligibility lists.
• Actuary is used to make periodic valuations and
  reports.

15
Contributions - Sample Controls

• Contributions are recorded at the appropriate
  amount and in the appropriate period on a timely
  basis
• Sponsor or employer payroll records are compared
  with contribution calculations. In the case of
  multi-employer plans, some form of periodic
  payroll audit is performed.
• Initial controls are established over
  contribution records for both employer and
  participant contributions (e.g., salary reduction
  amounts, after tax and rollovers).
• Clerical accuracy of contribution forms is checked

16
Participant Data - Sample Controls

• Participant data entries are properly recorded on
  a timely basis
• Participant forms (e.g., enrollment, transfers,
  investment allocation, etc.) are controlled and
  are maintained for future reference.
• The number of plan participants is reconciled
  using enrollment forms.
• Participant data entries are updated and
  reconciled to employers personnel and payroll
  records (or participating employers in a
  multi-employer plan).

17
Participant Data - Sample Controls

• Participant eligibility is determined in
  accordance with authorization
• Eligibility is defined in the plan instrument.
• Access to participants data is controlled to
  prevent unauthorized changes or additions
• Employee participation refusals are retained for
  future reference.

18
Reporting - Sample Controls

• Records are maintained in sufficient detail to
  provide for proper and timely reconciliation
• For defined contribution plans, the total of all
  participant account balances is reconciled to the
  net assets in the trustees/asset custodians
  reports on a periodic and timely basis.
• Financial statements, actuarial information,
  disclosures, and supplemental schedules as
  prepared are complete, accurate, and in
  conformity with managements authorization
• Procedures are established to identify required
  disclosure items, for example, party in interest
  transactions and transactions in excess of 5
  percent of plan assets.
• Review of all financial reports and filings.

19
The Importance of Monitoring Service Providers

• Hiring service providers does not relinquish Plan
  Managements ultimate responsibility for Plan
  operations
• Plan Management must
• Oversee the providers and assess their
  performance
• Meet regularly
• Review reports provided

20
What does a SAS 70 mean to me?

• It outlines what user controls are required.
• It is not only for the Auditor!
• It should be reviewed by Plan Management annually
  as part of the third party service provider
  monitoring effort.

21
INVESTMENT VALUATION
22
INVESTMENT VALUATION

• PLAN MANAGEMENT IS HELD RESPONSIBLE FOR
  INVESTMENT VALUATIONS AND FINANCIAL STATEMENT
  DISCLOSURES Even where there are outside
  investment custodians, asset or fund managers, or
  other service providers to assist in determining
  the value of investments on a plans financial
  statements and Form 5500, the DOL holds plan
  management responsible for the proper reporting
  of plan investments. This responsibility cannot
  be outsourced or assigned to a party other than
  plan management.

23
INVESTMENT VALUATION

• While management may look to a valuation service
  provider for the mechanics of the valuation,
  management should have sufficient information to
  evaluate and independently challenge the
  valuation. Therefore, it is important that plan
  management is familiar with the plan assets in
  which a plan invests and the methods and
  significant assumptions used to value them,
  especially for investments in securities or other
  assets for which readily determinable fair market
  values do not exist.
• Controls to employ

24
INVESTMENT VALUATION CONTROLS

• Investment transactions are recorded at the
  appropriate amounts and in the appropriate
  periods on a timely basis
• Detailed subsidiary records are reconciled to
  trust reports on a regular basis
• Control totals from participants records are
  compared to control totals from trust reports on
  a regular basis. Report of trustees/asset
  custodians independent auditor is reviewed
• Purchases and sales (as a result of
  contributions, distributions, etc.)of mutual
  funds are reviewed to determine that the net
  asset value agrees to published quotations.
• Purchases and sales are reviewed to determine
  that
• the appropriate fair value was utilized.

25
INVESTMENT VALUATION CONTROLS

• Investment assets are protected from loss or
  misappropriation
• Responsibility for investment decisions and
  transactions is segregated from custodians
  functions.
• Financial stability of financial institutions
  holding investments is reviewed.
• Written-off investments are reviewed for possible
  appreciation
• Access to computerized investment records is
  limited to those with a logical need for such
  access

26
INVESTMENT VALUATION CONTROLS

• Investments (other than insurance contracts with
  insurance companies) are measured at fair value
• Quotation sources and appraisal reports are
  compared with recorded values.
• Valuation methods are documented in the trust
  agreement or plan committee minutes.
• Investment criteria and objectives are authorized
  and executed in accordance with formal
  authorizations
• Investment criteria or objectives are documented
  in the plan instrument or plan committee minutes

27
INVESTMENT VALUATION CONTROLS

• Review monthly trust reports
• Have regular communications with your investment
  manager
• Compare quotation sources and appraisal reports
  with recorded values.
• Compare values of pooled separate accounts and
  common collective trusts to net asset values
  calculated by the issuer.

28
INVESTMENT VALUATION CONTROLS

• Obtain the financial statements of pooled
  separate accounts and common collective trusts
  and compare unit information contained in the
  financial statements for reasonableness to the
  unit values reported to the plan.
• Document valuation methods in the trust agreement
  or plan committee minutes.
• Have the plan committee approve the basis for
  good faith estimates including independent
  appraisals, if any, and document the basis used.

29
INVESTMENT VALUATION

• Plan management should review investment reports
  detailing investment balances to ensure that they
  are accurate and complete and report appropriate
  investment values based on current or fair value
  as of the date of the report.
• The type of services a trustee or custodian is
  engaged to perform will dictate what information
  is received. The typical custodial service
  provided by custodians and trustees includes
  providing values that are based on the best
  information available to them at the time of the
  report.

30
INVESTMENT VALUATION

• In cases where the plan invests in assets without
  readily determinable fair values, and where the
  trustee or custodian may have been hired only to
  provide custodial services, the values in the
  trust report typically will be a pass-through of
  the values provided by the fund company or
  limited partnership for commingled funds, or by a
  boutique vendor or broker for non-marketable
  securities.

31
INVESTMENT VALUATION

• In such cases, the reported values are based on
  the best information available to the trustee and
  custodian at the time of the report, which may or
  may not be fair value.
• To obtain proper fair values for alternative
  investments one may need to contract for
  valuation services in addition to the custodial
  services provided or, if one has access to
  relevant information about the investment, they
  can perform their own valuation. In any case, it
  is important that management understands how the
  investment values are determined so they can make
  judgment regarding the reliability of the
  information in the reports.

32
INVESTMENT VALUATION

• Plan investments must be valued as of the plans
  year-end.
• Start to inquire NOW, if not already, as to
  whether custodians will provide the information
  necessary to prepare the required financial
  statement disclosures regarding the valuation
  inputs (Levels I, II and III) used to determine
  investments values.

33
INVESTMENT VALUATION

• Investment certifications by banks or similar
  institutions do not relieve plan management of
  its responsibility for properly reporting fair
  values.
• It is important to note that hiring an auditor to
  perform an audit--whether full scope or limited
  scope--does not relieve management of its
  responsibility for the completeness and accuracy
  of the plans investment information reported in
  the Form 5500 and the financial statements.

34
INVESTMENT VALUATION

• An independent auditor may be a good resource to
  consult about the adequacy of valuation
  techniques and the related disclosures,
  Department of Labor and AICPA auditor
  independence rules restrict what non-audit
  (non-attest) services auditors can and cannot
  perform for a plan for which they perform the
  annual financial statement audit (for example,
  Department of Labor rules prohibit the auditor
  from maintaining financial records for the plan).
  

35
INVESTMENT VALUATION

• A plan auditor may provide advice, research
  materials and recommendations to assist you in
  making decisions about the accuracy of investment
  valuations and the adequacy of the related
  disclosures, and in establishing internal
  controls surrounding your investment valuations
  and can also help with the financial statement
  preparation.

36
SAS 115 Changes in Internal Control
Communications
37
SAS 115 - Communications of internal control
related matters to plan management

• Effective for periods ending after December 15,
  2009
• Conforms definitions of control deficiency,
  significant deficiency, and material weakness to
  those in PCAOB AS No. 2
• The term significant deficiency replaces the term
  reportable condition
• Requires written communication of significant
  deficiencies and material weaknesses to
  management and those charged with governance
• Should be communicated even if they were
  communicated in connection with previous audits

38
SAS 115 - Communications of internal control
related matters to plan management

• In an audit of financial statements, an auditor
  is not required to perform procedures to identify
  deficiencies in internal control (par. 4) or to
  express an opinion on the effectiveness of an
  entitys internal control (Not like SOX 404)
• However during the course of an audit, the
  auditor may become aware of control deficiencies
  while obtaining an understanding of internal
  controls, and assessing risk

39
Changes in Internal Control Communications

• Main Changes
• Revised definitions of material weakness and
  significant deficiency
• Revised the list of deficiencies in internal
  control that are indicators of material
  weaknesses
• No longer includes a list of deficiencies that
  ordinarily would be considered at least
  significant deficiencies
• Illustrative letter has been amended

40
Preparing for the Annual Audit
41
Selecting the Auditor

• Firm Information
• Size, location, and history of the CPA firm
• Whether the firm is a member of the AICPA
  Employee Benefit Plan Audit Quality Center
  (EBPAQC)
• Number of employee benefit plan (EBP) clients
• Number of similar type plan audits, including the
  size of each plan (by number of participants
  and/or amount of total assets)
• Number of EBP clients gained/lost in the past
  several years

42
Selecting the Auditor

• States in which the firm is licensed to practice
• Firm references-especially from similar type
  plans-and specific contact information
• The firms latest Peer Review Report, Letter of
  Comments, and firms response (if any) (Also
  available for AICPA EBPAQC members at
  http//www.aicpa.org/ebpaqc)
• Whether the firm is subject to current litigation
• Whether the firm is the subject of any DOL,
  AICPA, or State Society Ethics findings or
  referrals

43
Selecting the Auditor

• Whether the firm meets the independence standards
  of the AICPA and DOL
• The firms working paper retention and access
  policies and requirements
• If filed with the SEC 11-K, whether firm is
  registered with PCAOB
• Whether the firm has insurance coverage (errors
  omissions, workers compensation, etc.)

44
What to expect from the audit process

• Disruption from your daily routine
• Kick-off meeting
• Planning fieldwork stage
• Final fieldwork stage
• Closing meeting
• Final Product

45
What to expect from the auditor

• Inquiries
• Requests for documentation
• Experience
• Knowledge of plan terminology
• Clear line of communication
• Agreed upon schedule
• Helpful recommendations!

46
What the auditor is expecting of you

• Time
• Documentation requested
• Coordinate communication with third party
  providers
• Financial statements

47
Utilize your service provider to help the audit
process

• Share your PBC listing with the TPA
• Audit Package
• SAS 70
• Documentation of participant transactions
• Form 5500
• Testing results

48
What should the TPA provide the auditors?

• As much information as possible up front
• Provide timely answers to testing discrepancies
• May depend on how much responsibility the TPA has
  with the plan, i.e., Are they the trustee?
  Custodian?

49
The TPA should provide

• Organized audit package
• Detailed listing of participant balances
• 157 information
• Draft Form 5500 and all related schedules
• Compliance and discrimination testing
• Allocation of employer contributions
• Loan roll-forward report
• Distribution report
• Transaction information
• SAS 70 report, if available

50
What can you do to keep the fees down?

• Be prepared
• Respond timely to auditor inquiries
• Allow time
• Prepare or assist in preparing work papers
• Do your own word processing

51
COMMON ERRORS NOTED DURING A PLAN AUDIT
52
COMMON ERRORS NOTED DURING A PLAN AUDIT

• Improper application of the definition of
  compensation
• Improper application of the plans eligibility
  provisions
• Improper use of forfeitures in accordance with
  the terms of the plan
• Lack of attention to and documentation of user
  controls
• Lack of inclusion of finance and accounting in
  the process
• Timeliness of deferrals
• Actuarial census errors/outdated information

53
TOOLS!
54
Tools Available to Assist

• Employee Benefit Plan Audit Quality Center
• Website www.aicpa.org/ebpaqc
• Includes multiple resource centers with
  information and tools on EBP topics. Includes
  checklists and resources for research on EB
  topics.
• Includes online member discussion forums
• Includes Topix Primer Series
• Includes Plan Advisories for communication and
  research on plan responsibilities.
• Includes tools for Plan Sponsors
• E-alerts Upcoming developments and events
  (archived on website)
• Live Forum Member Conference Calls
• AICPA Accounting and Auditing Technical Hotline
• 1-877-242-7212, aahotline_at_aicpa.org
  http//www.aicpa.org/members/div/infohot/index.htm
  
• AICPA Ethics Hotline (888)777-7077,
  ethics_at_aicpa.org

55
????????????
The material contained in this presentation is
for general information and should not be acted
upon without prior professional consultation.