oversight

Audits of Employee Benefit Plans Need to be Strengthened

Published by the Government Accountability Office on 1990-07-24.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

.                      UnhdSt&esGenenlAccomdngOmce                14Ebq
                       lkstirnony



    For Release         AULtits of mloy      Benefit    Plans
    on Delivery         Heed to be strengthened
    Expected at
    1o:cla a.m.
    Tuesday
    July 24, 1990




                       Statement of
                       David L. Clark
                       Associate   Director,     Pinancial
                         Management Systems and Audit
                         Oversight
                       Accounting   and Financial
                         Management Division
                       Before the
                       %bcommittee      on Labor
                       Committee on Labor and Human
                         Resources
                       Ufiit33 States Senate




    GAO/T-AFMD-90-25
                                                                GAopar1ao~lvs7
Mr.     Chairman             and Members of               the Subcommittee:
          I    an pleased              to be here          today       to discuss            the role        that
independent                public       accountants              (IPAs)       play      in auditing          employee

benefit            plans      covered          by the       Employee          Retirement           Income      Security

Act     of     1974        (ERXSA).


          GAO has a number                     of reviews           undervay          in    the    ERISA area.
Our preliminary                 observations                fran     those       reviews          show that         the
Department             of     Labor’s           and IRS'        enforcement             efforts       are    not      as
effective             as they          could       be.      Based      on that,            as well        as on our

reviews            of the role            of     IPA audits           in other          federal       program         areas,
we have            several          suqgestions           for      strengthening               the enforcement               of
ERISA through                 changes           in current          audit      requirements.


          The Department                  of     Labor      has recently              proposed        legislative
changes            to ERISA that                would     help      strengthen             the audits        of
employee            benefit          plans.         Those proposals                  are    consistent         with        some
of     our     suqqestions              for       strengthening             audits.            However,      we believe
additional             steps         are needed           beyond       the Labor            proposals.


RTSKS TO EMPLOYEE BENEFIT PLANS


          ERISA        helps         to ensure           that      employee          benefit       plans     are      free
of     mismanagement,                  fraud,       and abuse          that      place         plan   assets        at
risk         and    threaten           plan      participants’              benefits.             There are
currently           about         900,000         pension               plans      , with         abut         $2 trillion                in
assets,           and about           4.5 million                welfare            benefit           plans.


          Over       the     past      year,           several           groups            have identified               oversiqht
and enforcement                   of employee              benefit.             plans        as      an area        subject           to

high      risk.            For     example,           oversight              and enforcement                    of empioyte
benefit           plans      is     1 of        14 hiqh          risk        federal           proqraaa           we have
targeted           fcr      special         audit         effort.               Our concerns                  have to do vith
the      potential           risks      to       employee               benefit            plans,        and with          the

effect       of      such risks             on the          insurance                fund managed by the                       Pension
Benefit           Guaranty          Corporation                  (:PBCCl.            OMB has included                  the
oversight            af     pension         plans         in      its       list      of      the 78 highest                  risk

areas       in 16 major               agencies.                The Department                     of Labor          Inspector
General           Office          has repeatedly                  warned            that      employee           benefit         plans

are      vulnerable               to fraud            and abuse,             and that               federal       enforcement
efforts           with      respect          to the         plans           are      inadequate,



Federal           Enforcement              Efforts


          The Department                   of    Labor           and the            Internal          Revenue Service
(IRS)       are responsible                     for     enforcing                 ERISA.            As we testified                  on

June       13,     1990,          we believe            that        IRS'           and Labor's            efforts          need
strengthening.1




IFederal  Government's  Oversight   of Pension                                                 and Welfare             Funds
(GAO/T-BRD-90-37,   June 13, 1990).
                                                                        2
         Labor         focuses            its     ERISA enforcement                              efforts           on conducting
investigations                 to ensure                that          administrators                        of    employee         benefit
plans         comply     with         ERISA's              fiduciary               provisions                    and that        the     plans
are     operated          in the best                   interest             of         their          participants.                 Labor

is     also     responsible                 for    enforcing                 ERISA's                  reporting           anal
disclosure             provisions.


         Earlier          this        year,        we initiated                         an assessment                    of Labor’s
ERISA         enforcement             program,              focusing               on its              efforts           to correct
weaknesses             we had previously                             identified.                      Cur      preliminary
observation             is that            while           Labor         has taken                    actions        in recent           years
to     address         many      of the           weaknesses                 in         its          enforcement           program,
many problems                 remain.             Labor's              weaknesses                     can be attributed                  in
part      to the        size         of     its     ERISA enforcement                                 staff.         The staff
currently            totals          about        200,          or      about           1 for          every       4,500        pension
plans.          At     this      staffing               level,           Labor            investigates                   less     than     1
percent         of     the plan             universe             each year.


         One of         IRS'         missions              is        to enforce                 ERISA's           vesting,
participation,                 and funding                  provisions.                         It     accWplishes                this     by
(1)     reviewing             plan        designs           and (2)               examining                  pension       plan        returns
and operations                 for        compliance                  with        tax         laws          and requlations.


         'IRS has increased                       its       eXZUIIinatiOnS                      of     employee           plan
operations,             but places                little              emphasis                on plans            that     are or may
be     underfunded             and posz             a risk              to participants                          and the        PBGC which

                                                                         3
insures          certain         plans.            Further,               IRS is         finding           violations               in     far
fewer       examinations                 than      expected               because          it     is using             outjated
criteria          to identify                  plans        with      characteristics                      that        indicate            a
high       potential            for      ERISA violations.


           Because         of      the      limited          coverage              by    both      Labor          and IRS,
additional              measures          are      needed            to     adequately             protect             plan
participants               aqainst             ERISA        violations,                 as well        &s PBGC.                We
believe          that      IPA audits              can       be      strengthened                 to brinq             about        such

additional              protection.


AUDITS OF EMPLOYEE BENEFIT                                  PLANS


           Under        ERIEA,        the       Department                of     Labor requires                   that

administrators                  of employee                 benefit             plans      with      100      or       more
participants               hire,         on behalf             of     plan        participants,                   an

independent              public          accountant                 (IPA)        to conduct            an annual               audit           of
the     plan’s          financial              statements             and certain                 required             schedules
which       are     to be included                     in    the      plan's            annual       report.                The
Department              of Labor          requires             that         the     administrators                     of     these
plans       submit         their         annual           reports              including          the reports                 on the
annual        audits        to the             Internal            Revenue          Service.               The Department                   of
Labor       makes        copies          of     plan        documents,              includinq              annual           audit
reports,           available             for      inspection                in     a public          disclosure                room      and
supplies           copies        on request.
         Audits            under         generally             accepted              auditing          standards              IGAAS) as
requited         by        ERISA should                 determine              (1)     whether          the       financial
statements            of     the         employee             benefit          plan         present          fairly          the
financial         status            of     the     plan          and chanqes                 in financial                 status         in
accordance            with         generally              accepted             accounting              principles                  and (2)
whether         the        plan     has complied                  with         laws         and requlations                   for     those

transactions                and events                 that      may have a material                          effect          on the
financial           statements.                   As such,              audits         can      be useful               to
regulators            in helping                 to ensure              that         plan     participants’                   interests

are     protected.                 In addit            ion,      audits         can help              provide           additional
discipline            for         plan     administrators                      in fulfillinq                   their         fiduciary
duty      and assurance                   that     they         have complied                   in     all      material
respects         with        laws         and regulations                      having         a material                effect        on
the     financial            statements.


         We believe,                however,             based          on previous              work,          that         the
current         audit        provisions                 for      employee             benefit          plans          do not         go far
enough         in providing                protection               to participants                      in the plans.
We believe            that         the     audit         provisions                  need to be strengthened                             in
at     least     four        ways.


Full-Scope            Audits



         ERISA provides                    that         plan      administrators,                      in hiring              an ~PA
to     audit     an employee                 benefit            plan,          can exclude              from the              scope of
the     audit     assets            that         are     held       by a bank or similar                               institution

                                                                        5
or     insurance           carrier            that         is    regulated,              supervised,                   and subject
to periodic              examination                 by     a state          or federal               agency.             Instead            of
examining            the       financial                institution’s               records           relating            to those
assets,        the       auditor            can,          through         this      exclusion,               accept            the
institution's                  certification                    that      the statement                of assets                received
by the plan              is accurate.                      As a result,              siqnif          icant        aounts              of
plan        assets       are     often            not      audited         by the           plan’s         IPA.          According
to a recent              study         by    the          Department             of Labor           Inspector             General
Office,        more        than        40 percent                of benefit              plan       assets             in a random
sample of            plans       were not                 audited         because         of    this         scope exclusion.
This        scope exclusion                      is often           so significant                  that      IPAs        disclaim--

or do not qive--                 an opinion                 on the financial                    statements.                     The lack
of     an    IPA's       opinion            severely             limits          the usefulness                   of     the         audit

to regulators,                  plan        participants,                  and others.


            The American               Institute                of Certified                Public         Accountants
(AICPA),           the     national              professional                association               of certified
public        accountants,                  has acknowledged                      that       plan      participants
cannot        be     provided           the        full         assurance           contemplated                  by ERISA if
the       IPA'S      audit        is restricted                   to exclude                assets         held         in a bank or
similar        institution                  or     an      insurance             carrier.             The AICPA fully
supports           requiring            full         scope        audits.
Reporting           on Internal                Controls         and
Compliance            with        Laws and Requlations


           Employee          benefit           plan      administrators                       are responsible                    for
establishinq             sound internal                   controls            and for             complying             with           ERISA
and related            Labor         regulations.                Rovever , neither                         plan
administrators                 nor       IPAs auditing                the     plans            are required                 to    report
on internal            controls            and compliance                    with         laws       and requlations.



           We believe             that     the        plan     administrator’s                       report          on internal
controls            and compliance                with        laws and regulations,                            subject            to
auditor         review,           is needed            for     the following                     reasons,


           First,       plan       administrators                 have         a fiduciary                   responsibility
to operate            plans          in the       best        interests             of        plan    participants.
Requiring            plan      administrators                  to report                 to    regulators,

participants,                and others               on the effectiveness                           of the          internal
control         structure,               including            controls             for        compliance             with        laws
and regulations,                   would        help         ensure         that         controls            are being
maintained.              This         requirement              would be consistent                            with
requirements                under        the    Federal         Managers’                 Financial             Integrity               Act

of   1982 that              federal         aqency           heads report                 on their            agencies’
internal            controls.


           Second,          the      federal          government,              as insurer               of defined
benefit         pension           plans,        faces         a significant                    potential             liability


                                                                  7
should         defined         benefit        plans       with         large      unfunded          liabilities
terminate.                Rcquirinq          TPAs to review                plan        administrators'

reports         on     internal          controls         would         help      protect         the federal
government’s                and plan         participants’                interests           and ensure           that
plans       maintain           strong        internal           controls,             adhere      to laws and
requlations,                and properly            report        their         financial           condition.
It   muld          also       provide        an early          warninq          of potential               problems.


          Third,          IPAs have a responsibility                            to protect               the   interests
of participants                    and the government                   when      auditinq          an employte

benefit         plan.          Therefore,           IPAs would             be     expected          to take        a

proactive            role         in assisting          regulators              and plan          administrators
in identifyinq,                   preventing,           and correcting                  problems           in financial
reporti:             and internal             controls.                IPAs are in a unique                     position
to provide             this        assistance.            Further,             expanding          the role         of IPAs
to require             them to report               on plan            administrators*                   assertions         on
internal           controls          and compliance               bitt!        laws     and requlations                is    in
keeping         with        our     belief       that     the     accountinq              profession            should
have greater                responsibility              than      it      currently           has when accepting
an audit           engagement            of a federally                 insured         entity.            We have also
taken       this       position          on artiits        of other             federally           insured
entities,            such      as    savings        and loan            institutions              and banks.


Direct         Reporting            of   Fraud      and Serious                Violations


          AS    part        of reporting            on internal                controls         and compliance
with      laws       and regulations,                we believe                that     fraud          and other
serious           fiduciary          violatiotls           should         be     reported             directly         and
promptly            co regulators.                 We believe             that        the     IPA should              do this
if     the    plan        administrator             does not.


          Traditionally,                auditing           standards             have rccoqniad                   an
auditor-client                  relationship,              with         the auditor’s                 primary         reporting
responsibility                  being     to the          client.            Any      outside          reporting             has
generally            been       considered          the      client's            responsibility,                      Although
the     auditor           may    have a duty,              under         certain        limited           circumstances,
to inform            others       outside          the     client         organization                 of problems,
there        is    no clear          requirement             for        reporting           to regulators.


Peer      Review


        To be reliable,                 audits       of employee                 benefit         plans           need to           be

done in           a quality          manner.         Within             the accounting                 profession,             peer
review        is     a principal           method          used to ensure                   quality         audits.            Al 1

IPAs arc           not      currently          required            to    obtain        a peer          review         of their
practice.


         Peer        review        is the       cornerstone               of the        accounting
profession's               quality       assurance            efforts.                The profession                  uses

various           terms    --qua1 ity          control,            quality         assurance,             practice
monitoring,               and peer       reviev--          to describe                the practice               of
reviewing            a firm's         quality        Control             operations            and procedures                  and

                                                                   9
its    adherence           to standards.                  Peer review             is essentially                   the
verification             by other         accountants              that     an accountant                  or firm         has
a System         of quality             controls          that     provides            reasonable            assurance

that    audits          are conducted                vithin      established              standards.


        Until          1988,      the    profession’s              peer      reviev            progran       was
voluntary.              An initiative                approved           by AICPA members in January
1988 makes peer review                      mandatory             for     those        members in public
practice         as     a condition             of    membership.                However,          not     all      auditors
of employee             benefit         plans        are members           of the AICPA.                   Therefore,
some auditors              of employee               oenefit       plans         are     not     currently
required            to have       a Feet        review.


GAO Suqgestions


        We be1 ieve            that      audit        provisions           for     employee              benefit         plans
need to be strengthened                         in the         following          four         ways:



       1.      The scope exclusion                      should          be repealed             to require            IPAr-
               to     audit       all    benefit          plan     assets.


       2.       Plan     administrators                 should          be required             to report           on
               pl ans ’ internal                controls         and Compliance                  vith      laws and
               regulations.               IPhs        should       be required                 to report         on
                administrator's                 assertions.




                                                                                                                                 I
       3.         IPAs should               be     required         to report           directly             and    promptly               E

                  to requlators                  on employee             benefit        plan         fraud      and other
                  serious           fiduciary            violations           when plan            administrators                     do
                  not      report         such      problems.


       4.         All      IPAs that             audit      employee          benefit        plans           should         be

                  required           to obtain             a peer        review.


LEGISLATIVE                PROPOSALS BY TBE
DEPARTMENT OF LABOR


          The Department                   of      Labor      has recently              proposed             legislative
changes           to ERISA which                   would      eliminate             the audit          scope exclusion
of assets               held     by requlated               financial           institutions                 and would            also
require           that       IPAs which             conduct         required          ERISA audits                 obtain         a

peer      review           every         3 years          in order        to remain            qualified              to

perform           such audits.                   We strongly             support        these         proposals,


            In    addition,              the     Department           of Labor          has taken             steps         to
encourage               IPAs to provide                  more audit           coverage          of     employee             benefit
plans'           compliance              with      laws     and requlations.                    Specifically,                    Labor
is working                with     the     AICPA in           its     OnqOinq revision                  of     audit
guidance            for      employee            benefit       plans         that     would       include           inc-eased
compliance                auditing.              We believe           that     this      is a good beginning.
However,            these        efforts          should       be expanded              to     incl*sde        our
suggestion                that     plan         administrators               report      on their             internal

                                                                    11
control           system       and      compliance             with      laws and requlations,                     and that
auditors           review       and report               on those          assertions.



            Labor        has not       made       any legislative                  proposals          to require            IPAs
to report            major      fraud        or    serious            fiduciary          violations           directly           to
the       Department           of     Labor       when the plan                  administrator           does      not
fulfill           this      responsibility.


            In conclusion,               effective             controls           are    necessary        to
adequately               safeguard          the    nation's             employee         benefit       plans       against

mismanagement,                 fraud,         and abuse.                IPAs,      because          of the     unique
role       they      have as auditors                    of    the      plans,       are in         a prime      position
to ensure            that      such safeguards                   are in place              to   effectively
protect           the     interests          of    plan        participants              and       the government.                    -
To that           end,      we believe            that        current        audit       provisions           should        be

strengthened                to more effectively                       use IPAs as an oversight                        and
enforcement               mechanism          under        ERISA.


          Mr.     Chairman,          this     completes              my Statement.                  I would      be
pleased           to,an.swer         any questions                you or other              members of           the
Subcommittee                may have,




                                                                 12