United States General Accounting Office
Testimony

For Release on Delivery
Expected at 10:00 a.m.
Tuesday
July 24, 1990

Audits of Employee Benefit Plans Need to be Strengthened

Statement of
David L. Clark
Associate Director, Financial Management Systems and Audit Oversight
Accounting and Financial Management Division

Before the
Subcommittee on Labor
Committee on Labor and Human Resources
United States Senate

GAO/T-AFMD-90-25

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here today to discuss the role that independent public accountants (IPAs) play in auditing employee benefit plans covered by the Employee Retirement Income Security Act of 1974 (ERISA).

GAO has a number of reviews underway in the ERISA area. Our preliminary observations from those reviews show that the Department of Labor's and IRS' enforcement efforts are not as effective as they could be. Based on that, as well as on our reviews of the role of IPA audits in other federal program areas, we have several suggestions for strengthening the enforcement of ERISA through changes in current audit requirements.

The Department of Labor has recently proposed legislative changes to ERISA that would help strengthen the audits of employee benefit plans. Those proposals are consistent with some of our suggestions for strengthening audits. However, we believe additional steps are needed beyond the Labor proposals.

RISKS TO EMPLOYEE BENEFIT PLANS

ERISA helps to ensure that employee benefit plans are free of mismanagement, fraud, and abuse that place plan assets at risk and threaten plan participants' benefits. There are currently about 900,000 pension plans, with about $2 trillion in assets, and about 4.5 million welfare benefit plans.

Over the past year, several groups have identified oversight and enforcement of employee benefit plans as an area subject to high risk.
For example, oversight and enforcement of employee benefit plans is 1 of 14 high risk federal programs we have targeted for special audit effort. Our concerns have to do with the potential risks to employee benefit plans, and with the effect of such risks on the insurance fund managed by the Pension Benefit Guaranty Corporation (PBGC). OMB has included the oversight of pension plans in its list of the 78 highest risk areas in 16 major agencies. The Department of Labor Inspector General Office has repeatedly warned that employee benefit plans are vulnerable to fraud and abuse, and that federal enforcement efforts with respect to the plans are inadequate.

Federal Enforcement Efforts

The Department of Labor and the Internal Revenue Service (IRS) are responsible for enforcing ERISA. As we testified on June 13, 1990, we believe that IRS' and Labor's efforts need strengthening.1

1 Federal Government's Oversight of Pension and Welfare Funds (GAO/T-HRD-90-37, June 13, 1990).

Labor focuses its ERISA enforcement efforts on conducting investigations to ensure that administrators of employee benefit plans comply with ERISA's fiduciary provisions and that the plans are operated in the best interest of their participants. Labor is also responsible for enforcing ERISA's reporting and disclosure provisions.

Earlier this year, we initiated an assessment of Labor's ERISA enforcement program, focusing on its efforts to correct weaknesses we had previously identified. Our preliminary observation is that while Labor has taken actions in recent years to address many of the weaknesses in its enforcement program, many problems remain. Labor's weaknesses can be attributed in part to the size of its ERISA enforcement staff. The staff currently totals about 200, or about 1 for every 4,500 pension plans. At this staffing level, Labor investigates less than 1 percent of the plan universe each year.

One of IRS' missions is to enforce ERISA's vesting, participation, and funding provisions.
It accomplishes this by (1) reviewing plan designs and (2) examining pension plan returns and operations for compliance with tax laws and regulations. IRS has increased its examinations of employee plan operations, but places little emphasis on plans that are or may be underfunded and pose a risk to participants and the PBGC which insures certain plans. Further, IRS is finding violations in far fewer examinations than expected because it is using outdated criteria to identify plans with characteristics that indicate a high potential for ERISA violations.

Because of the limited coverage by both Labor and IRS, additional measures are needed to adequately protect plan participants against ERISA violations, as well as PBGC. We believe that IPA audits can be strengthened to bring about such additional protection.

AUDITS OF EMPLOYEE BENEFIT PLANS

Under ERISA, the Department of Labor requires that administrators of employee benefit plans with 100 or more participants hire, on behalf of plan participants, an independent public accountant (IPA) to conduct an annual audit of the plan's financial statements and certain required schedules which are to be included in the plan's annual report. The Department of Labor requires that the administrators of these plans submit their annual reports including the reports on the annual audits to the Internal Revenue Service. The Department of Labor makes copies of plan documents, including annual audit reports, available for inspection in a public disclosure room and supplies copies on request.

Audits under generally accepted auditing standards (GAAS) as required by ERISA should determine (1) whether the financial statements of the employee benefit plan present fairly the financial status of the plan and changes in financial status in accordance with generally accepted accounting principles and (2) whether the plan has complied with laws and regulations for those transactions and events that may have a material effect on the financial statements. As such, audits can be useful to regulators in helping to ensure that plan participants' interests are protected. In addition, audits can help provide additional discipline for plan administrators in fulfilling their fiduciary duty and assurance that they have complied in all material respects with laws and regulations having a material effect on the financial statements.

We believe, however, based on previous work, that the current audit provisions for employee benefit plans do not go far enough in providing protection to participants in the plans. We believe that the audit provisions need to be strengthened in at least four ways.

Full-Scope Audits

ERISA provides that plan administrators, in hiring an IPA to audit an employee benefit plan, can exclude from the scope of the audit assets that are held by a bank or similar institution or insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency. Instead of examining the financial institution's records relating to those assets, the auditor can, through this exclusion, accept the institution's certification that the statement of assets received by the plan is accurate.

As a result, significant amounts of plan assets are often not audited by the plan's IPA. According to a recent study by the Department of Labor Inspector General Office, more than 40 percent of benefit plan assets in a random sample of plans were not audited because of this scope exclusion.
This scope exclusion is often so significant that IPAs disclaim--or do not give--an opinion on the financial statements. The lack of an IPA's opinion severely limits the usefulness of the audit to regulators, plan participants, and others.

The American Institute of Certified Public Accountants (AICPA), the national professional association of certified public accountants, has acknowledged that plan participants cannot be provided the full assurance contemplated by ERISA if the IPA's audit is restricted to exclude assets held in a bank or similar institution or an insurance carrier. The AICPA fully supports requiring full scope audits.

Reporting on Internal Controls and Compliance with Laws and Regulations

Employee benefit plan administrators are responsible for establishing sound internal controls and for complying with ERISA and related Labor regulations. However, neither plan administrators nor IPAs auditing the plans are required to report on internal controls and compliance with laws and regulations. We believe that the plan administrator's report on internal controls and compliance with laws and regulations, subject to auditor review, is needed for the following reasons.

First, plan administrators have a fiduciary responsibility to operate plans in the best interests of plan participants. Requiring plan administrators to report to regulators, participants, and others on the effectiveness of the internal control structure, including controls for compliance with laws and regulations, would help ensure that controls are being maintained. This requirement would be consistent with requirements under the Federal Managers' Financial Integrity Act of 1982 that federal agency heads report on their agencies' internal controls.

Second, the federal government, as insurer of defined benefit pension plans, faces a significant potential liability should defined benefit plans with large unfunded liabilities terminate.
Requiring IPAs to review plan administrators' reports on internal controls would help protect the federal government's and plan participants' interests and ensure that plans maintain strong internal controls, adhere to laws and regulations, and properly report their financial condition. It would also provide an early warning of potential problems.

Third, IPAs have a responsibility to protect the interests of participants and the government when auditing an employee benefit plan. Therefore, IPAs would be expected to take a proactive role in assisting regulators and plan administrators in identifying, preventing, and correcting problems in financial reporting and internal controls. IPAs are in a unique position to provide this assistance.

Further, expanding the role of IPAs to require them to report on plan administrators' assertions on internal controls and compliance with laws and regulations is in keeping with our belief that the accounting profession should have greater responsibility than it currently has when accepting an audit engagement of a federally insured entity. We have also taken this position on audits of other federally insured entities, such as savings and loan institutions and banks.

Direct Reporting of Fraud and Serious Violations

As part of reporting on internal controls and compliance with laws and regulations, we believe that fraud and other serious fiduciary violations should be reported directly and promptly to regulators. We believe that the IPA should do this if the plan administrator does not.

Traditionally, auditing standards have recognized an auditor-client relationship, with the auditor's primary reporting responsibility being to the client. Any outside reporting has generally been considered the client's responsibility. Although the auditor may have a duty, under certain limited circumstances, to inform others outside the client organization of problems, there is no clear requirement for reporting to regulators.

Peer Review

To be reliable, audits of employee benefit plans need to be done in a quality manner. Within the accounting profession, peer review is a principal method used to ensure quality audits. All IPAs are not currently required to obtain a peer review of their practice.

Peer review is the cornerstone of the accounting profession's quality assurance efforts. The profession uses various terms--quality control, quality assurance, practice monitoring, and peer review--to describe the practice of reviewing a firm's quality control operations and procedures and its adherence to standards. Peer review is essentially the verification by other accountants that an accountant or firm has a system of quality controls that provides reasonable assurance that audits are conducted within established standards.

Until 1988, the profession's peer review program was voluntary. An initiative approved by AICPA members in January 1988 makes peer review mandatory for those members in public practice as a condition of membership. However, not all auditors of employee benefit plans are members of the AICPA. Therefore, some auditors of employee benefit plans are not currently required to have a peer review.

GAO Suggestions

We believe that audit provisions for employee benefit plans need to be strengthened in the following four ways:

1. The scope exclusion should be repealed to require IPAs to audit all benefit plan assets.

2. Plan administrators should be required to report on plans' internal controls and compliance with laws and regulations. IPAs should be required to report on administrator's assertions.

3. IPAs should be required to report directly and promptly to regulators on employee benefit plan fraud and other serious fiduciary violations when plan administrators do not report such problems.

4. All IPAs that audit employee benefit plans should be required to obtain a peer review.

LEGISLATIVE PROPOSALS BY THE DEPARTMENT OF LABOR

The Department of Labor has recently proposed legislative changes to ERISA which would eliminate the audit scope exclusion of assets held by regulated financial institutions and would also require that IPAs which conduct required ERISA audits obtain a peer review every 3 years in order to remain qualified to perform such audits. We strongly support these proposals.

In addition, the Department of Labor has taken steps to encourage IPAs to provide more audit coverage of employee benefit plans' compliance with laws and regulations. Specifically, Labor is working with the AICPA in its ongoing revision of audit guidance for employee benefit plans that would include increased compliance auditing. We believe that this is a good beginning. However, these efforts should be expanded to include our suggestion that plan administrators report on their internal control system and compliance with laws and regulations, and that auditors review and report on those assertions.

Labor has not made any legislative proposals to require IPAs to report major fraud or serious fiduciary violations directly to the Department of Labor when the plan administrator does not fulfill this responsibility.

In conclusion, effective controls are necessary to adequately safeguard the nation's employee benefit plans against mismanagement, fraud, and abuse. IPAs, because of the unique role they have as auditors of the plans, are in a prime position to ensure that such safeguards are in place to effectively protect the interests of plan participants and the government. To that end, we believe that current audit provisions should be strengthened to more effectively use IPAs as an oversight and enforcement mechanism under ERISA.

Mr. Chairman, this completes my statement. I would be pleased to answer any questions you or other members of the Subcommittee may have.

Audits of Employee Benefit Plans Need to be Strengthened
Published by the Government Accountability Office on 1990-07-24.