Log in

No Need To "Press Your Luck" When It Comes To Government Audits

DWC Knowledge Center Article: Important Information About a 401(k) Government Audit

Few things instill that dreaded feeling quite like an official letter from the Department of Labor (DOL) or Internal Revenue Service (IRS). Your heart creeps up to your throat; your head begins to spin; and panic sets in as you wonder what in the world you are going to do now. It doesn’t have to be this way and we will explore how to turn these feelings of dread into ones of confidence.

What do the DOL and IRS have to do with my retirement plan?

The DOL and IRS are two of the governmental agencies that have jurisdiction over qualified retirement plans; and together they generally audit over 20,000 plans a year. According to the most recent statistics provided by the DOL, there are nearly 640,000 defined contribution plans in the U.S. (513,000 of those being 401(k) plans), covering more than 88 million participants with total assets of $4.5 trillion. To put that into perspective, the GDP in the United Kingdom is $2.7 million – that's four whole countries! So, even though you might feel like the government is picking on the little guy, their focus is maintaining the integrity of the entire American retirement system.   

Are there differences in what each agency is responsible for?

Yes, each agency has separate responsibilities in overseeing retirement plans. 

Department of Labor

The DOL’s main focus is to ensure that all promised benefits are being provided to participants and that plan fiduciaries are acting on the plan’s best interest instead of their own. Specific areas of interest include (but are not limited to) the following:

  • Verifying the timely distribution of plan notices to participants;
  • Confirming timely deposits of employee deferrals and/or loan payments;
  • Validating vesting in distributions to participants;
  • Confirming the prudent selection and monitoring of investment options; and
  • Ensuring that fees paid to plan service providers are reasonable in light of the quality and type of services.

Internal Revenue Service

While there is some overlap with the DOL, the IRS is primarily focused on operational aspects of the plan:

  • Are documents timely signed and dated?
  • Do the plan’s day-to-day operations exactly follow what is written in the plan document?
  • Does the plan pass the nondiscrimination tests each year?
  • Are plan contributions within all the applicable limits?

I’ve heard of ERISA, but what exactly does that mean?

The Employee Retirement Income Security Act of 1974 (“ERISA”) along with the Internal Revenue Code include the rules that govern how retirement plans operate. The DOL is in charge of enforcing ERISA, and the IRS enforces the Code.

What can I do to help prevent an audit?

In short, you can’t. But the best defense is a good offense – conducting self-audits, working with experienced service providers, ensuring you have solid internal procedures in place, and taking plan-related responsibilities seriously. To use another cliché: an ounce of prevention is worth a pound of cure.

By working with knowledgeable service providers, you have already taken the first step in your strategy. We understand this process; we’ve helped other clients through it; we know the rules of the game and have your back regarding plan compliance issues. However, conducting an internal self-audit helps ensure the information given to your service providers is accurate and complete. Areas of focus may include proper classification of different types of compensation on your payroll system or accurate tracking of hours worked by employees. These are areas that are generally outside the purview of plan service providers but still impact plan compliance. It is also helpful for plan fiduciaries to verify items such as their process for depositing contributions timely (is there a backup if someone is on vacation?) and the monitoring of fees and investment options (is there a regular schedule or a process if a change needs to occur?).

Self-audits and solid internal controls will stack the deck in your favor. An understanding of the many and varied plan sponsor requirements also makes a world of difference.

What might trigger an audit?

First and foremost, an audit notice does not necessarily mean something is wrong. You could have been randomly selected because your plan has a certain feature, and the IRS/DOL have seen a lot of plans with that same feature handle it incorrectly. Maybe, a participant called the DOL to complain. Maybe a response on a Form 5500 piqued their curiosity. Our goal in working with our clients is to identify items that may increase the risk of audit and either avoid them or be prepared to respond if/when the IRS or DOL ask, but sometimes audits are just the luck of the draw. 

Okay, I received a request for information letter…now what?

In a nutshell, do not ignore it! This is a great time to use one of your lifelines, “phone a friend,” and call the service provider that assists you with your plan’s compliance, usually your TPA (if you work with DWC, that means us!) They have experience not only with your plan but often with government audits in general. Their assistance and expertise will help ensure the request is handled appropriately. 

This letter may be the first contact you receive and will request a list of documentation. If the initial deadline is a little tight, you can contact the auditor to request an extension. They are usually willing to work with reasonable requests. 

Alright, the auditor has all our information. Now what?

Next comes the site visit. Take special care in determining the personnel who will interact with the auditor. Personnel who are unfamiliar with 401(k) rules may mention items that seem small to them, but might not to an auditor. Confirm all necessary parties will be either present or on-call to address any questions. This may include company personnel, TPA representative, attorney, CPA, payroll provider, investment advisor, etc.

Preparation is critical to ensure a productive on-site meeting.

  • Organization is key – make it easy for the auditor to locate information quickly, but only provide what is requested. This is one instance when over-delivering isn’t always a good thing.
  • Honesty is the best policy – now is not the time to make up answers or give false statements. If you do not know an answer, simply let the auditor know you will research it and get back to them.
  • Courtesy and kindness matter – auditors are just doing their jobs, and many are actually pretty nice people. Be polite and professional, and the process is much less likely to turn adversarial.

The site visit is over! We’re finished, right?

Not quite. The auditor will likely need to take several additional weeks to finish his or her review back at the office. Most audits conclude with a “no action” letter indicating that everything is fine. Some, however, result in a voluntary compliance letter, outlining compliance issues that require further attention. Suffice it to say that addressing said issues is anything but voluntary, but it doesn’t necessarily mean the sky is falling either. Again, this is where you can “phone a friend” for guidance on how best to handle the situation.


No matter how well prepared you are, audits are never a pleasant experience. But taking steps to be prepared will bring you confidence in knowing your plan is running like a well-oiled machine. There is no need to “Press Your Luck!”

Contact DWC