Plan Audits Under PEPs: When They’re Required and Who Handles Them
Pooled Employer Plans (PEPs) have reshaped the retirement plan landscape by allowing unrelated employers to band together under a single 401(k) plan structure. Enabled by the SECURE Act, this model promises streamlined administration, lower costs, and stronger fiduciary oversight through a designated Pooled Plan Provider (PPP). Yet, one key compliance feature remains front and center: the plan audit. Understanding when a PEP requires an audit, how it differs from audits for traditional single-employer and Multiple Employer Plan (MEP) arrangements, and who is responsible for managing the process is essential for sound plan governance and ERISA compliance.
What triggers an audit for a PEP?
Under ERISA and Department of Labor (DOL) rules, retirement plans are generally categorized as “small” or “large” for annual reporting on Form 5500. A plan with 100 or more participants at the beginning of the plan year is considered a large plan and typically must include an independent qualified public accountant (IQPA) audit with its Form 5500 filing. The same core threshold applies in the PEP environment.
However, in a PEP, the participant headcount—and thus the “large plan” determination—occurs at the plan level, not the individual adopting employer level. That means the PEP aggregates participants from all adopting employers to determine whether an audit is required. Because many PEPs quickly exceed 100 participants, most are “large plans” requiring an annual audit.
There are a few nuances:
- First-year rule and 80–120 participant rule: Some plans can apply the 80–120 rule to remain small or large for filing purposes in transition years, but this typically applies at the plan level for PEPs and should be confirmed with counsel or the PPP. Eligible small plan exceptions: Certain small plans may qualify for simplified reporting without an audit, but this is uncommon for PEPs given their pooled nature and rapid growth.
Who is responsible for the audit in a PEP?
In a traditional single-employer 401(k), the plan sponsor arranges the audit. In a PEP, the PPP is responsible for plan governance and consolidated plan administration, which generally includes coordinating the annual audit for the plan as a whole. The PPP:
- Engages the independent auditor (subject to independence rules). Coordinates data collection from recordkeepers, custodians, and adopting employers. Oversees the schedule of investments, participant counts, contributions, distributions, and compliance testing data needed for the audit. Ensures timely filing of the Form 5500 with the audit report and schedules.
Adopting employers typically do not procure their own audits for the PEP, even if they are large employers. Instead, they provide the PPP with employer-level data (payroll, eligibility, match formulas, auto-enrollment data, and controlled group details) to support the plan-level audit. This consolidated approach is one of the major benefits of a PEP compared to a MEP or standalone plan—less duplication, centralized accountability, and consistent controls.
How is a PEP audit different from other plan audits?
- Plan-level focus: Auditors test plan-wide controls, transactions, and financial statements. They may sample activity from multiple adopting employers, but the opinion covers the PEP as a single plan. Consolidated plan administration: Because the PPP centralizes retirement plan administration, auditors evaluate the PPP’s processes, the recordkeeper’s systems, and custodial reporting across all employers. Strong documentation of shared services and SLAs is critical. Multiple payroll feeds and employer practices: Auditors often focus on eligibility determinations, timely remittance of deferrals, employer contribution calculations, and auto-enrollment consistency across employers. Variability among adopting employers can heighten risk areas. Unique disclosures: The Form 5500 and financial statements include information reflecting pooled assets, plan provisions, fees, and service provider arrangements across the PEP.
What are the PPP’s fiduciary and operational roles in the audit?
The PPP typically serves as the “named fiduciary” and plan administrator under ERISA, assuming significant fiduciary oversight. In the audit context, that includes:
- Ensuring accurate, complete books and records for the PEP. Overseeing internal controls around contributions, distributions, loans, investment menus, and fee allocations. Coordinating with investment fiduciaries (e.g., 3(38) managers, if appointed) and recordkeepers to substantiate transactions. Managing auditor independence and scope of work. Addressing audit findings promptly with corrective actions and process improvements.
Employers should confirm the PPP’s responsibilities in the PEP document and service agreements. Clear delineation of duties helps avoid gaps, especially for employer-level tasks such as timely payroll remittances, eligibility tracking, and provision of census data.
Best practices to prepare for a PEP audit
- Establish standardized payroll and data interfaces: Consistent file formats and automated validations reduce audit issues tied to eligibility, compensation definitions, and match calculations. Maintain documented plan governance: Minutes from committee meetings (PPP-led or joint), investment reviews, fee benchmarking, and policy updates support ERISA compliance. Monitor remittance timeliness: Late deferral deposits remain a common audit finding; PPPs and employers should track funding timelines and correct delays promptly. Validate plan provisions and operational compliance: Align summary plan descriptions, adoption agreements, and administrative procedures. Misalignment can trigger audit adjustments. Use SOC reports effectively: Review SOC 1 Type II reports for recordkeepers and custodians. Document your evaluation of complementary user entity controls (CUECs). Address prior-year findings: Auditors will follow up on past issues. Demonstrate remediation with evidence of new controls or system changes.
Interaction with SECURE Act and evolving guidance
The SECURE Act created PEPs and clarified the central role of the PPP, including relief from the “one bad apple” rule through improved compliance frameworks. As regulators refine instructions for Form 5500 and related schedules, PEP audits continue to evolve. PPPs should track DOL and IRS updates affecting consolidated reporting, fee disclosure, and compliance testing. Adopting employers should expect periodic requests from the PPP to update census, ownership, and controlled group information, which can impact nondiscrimination testing and audit sampling.
Comparing PEPs and MEPs for audit purposes
Although both are pooled arrangements, a MEP may have different governance structures and employer responsibilities. In many MEPs, the lead sponsor might not serve as pooled employer 401k plans a PPP-equivalent with the same fiduciary obligations. PEPs, by design, centralize fiduciary oversight and plan operations with the PPP, which often results in more cohesive audit preparation, fewer inconsistencies, and better consolidated plan administration. That said, each arrangement depends on its governing documents and service provider contracts, so sponsors should review them carefully.
Consequences of audit deficiencies
Failure to include a required audit pooled employer 401k plans florida with Form 5500 can lead to DOL rejection, penalties, and extended review. Material weaknesses or significant deficiencies identified during an audit require prompt remediation. Both the PPP and adopting employers have roles in corrective action—ranging from revising payroll interfaces to enhancing investment oversight processes—reinforcing the importance of shared accountability in a PEP.
Key takeaways
- Most PEPs exceed the 100-participant threshold and require an annual audit. The PPP coordinates and is primarily responsible for the audit, while adopting employers supply supporting data. Effective plan governance, centralized controls, and proactive remediation drive smoother audits and stronger ERISA compliance. Compared with standalone plans and some MEPs, PEPs benefit from consolidated plan administration and unified fiduciary oversight, which can lower risk and administrative burden.
Questions and Answers
Q1: If my company joins a PEP, will we still need our own plan audit? A1: Generally no. The PEP is audited at the plan level by an IQPA retained by the PPP. Your company must provide accurate data and support requests, but you typically won’t procure a separate audit.
Q2: Who signs the Form 5500 for a PEP? A2: The PPP, as plan administrator or named fiduciary per the plan document, generally signs the Form 5500 and attaches the independent auditor’s report when the PEP is a large plan.
Q3: What are the most common PEP audit findings? A3: Late deferral remittances, eligibility errors, compensation definition mismatches, and incomplete support for distributions or loans. Standardized payroll processes and regular data audits help prevent these.
Q4: Can a small PEP avoid an audit? A4: If the PEP has fewer than 100 participants at the start of the plan year and qualifies as a small plan, it may not require an audit. Because PEPs often grow quickly, this status may be temporary.
Q5: How should employers evaluate a PPP’s audit readiness? A5: Review the PPP’s SOC reports, audit history, control environment, and escalation procedures. Ask about their data integration approach, remediation track record, and how they manage multi-employer operational differences.