QUESTION: This year, our company has scheduled a voluntary compliance self-audit of the company’s ERISA welfare plan. What issues should we consider in planning and carrying out our compliance audit?
ANSWER: Every plan sponsor should periodically perform a voluntary compliance audit of its employee benefit plans for compliance with ERISA and other legal requirements. Generally, the primary goal of a voluntary compliance audit is to identify and promptly correct compliance failures before they are discovered during a governmental audit. (For what to expect in a DOL audit, see our Checkpoint Question of the Week.) A compliance audit can also help the plan sponsor avoid unnecessary participant claims and potential lawsuits. There is no “standard” review format or procedure for a voluntary compliance audit, but here are some key issues to consider:
- What will be the scope and focus of the audit? The scope and focus of the audit should be clearly identified in advance. A compliance audit might include all of the plan sponsor’s welfare plans or a specific plan—for example, the health plan. For a health plan, it might be a comprehensive review of all legal requirements under ERISA or group health plan mandates, it might focus on a narrower issue such as claims procedures or COBRA compliance, or it might focus only on issues that the DOL or other governmental agencies have identified as enforcement priorities. The DOL’s Compliance Assistance webpage includes specific resources for a variety of plans and issues.
- Is it important for the results to have the protection of the attorney-client privilege? If your company wants the protection of the attorney-client privilege for the audit’s results, you will need to engage an attorney before beginning the audit process. The attorney, in turn, would engage consultants or other service providers to assist with the process, and communicate the audit results back to your company. There should be a written service agreement or engagement letter with any consultants or other service providers engaged to assist with the self-audit.
- How will results be communicated? The audit’s conclusions can be provided to management as part of an oral presentation or in written form. Generally, it is advisable to limit the group to whom the results are reported and, as noted above, to adhere to requirements for maintaining attorney-client privilege (if that protection is desired). This is especially important if your company might be unable or unwilling to correct all errors quickly (for example, there might be too many issues to address at once or the cost to correct might significantly outweigh the potential exposure). Keep in mind that, in a DOL audit, the investigator may ask to see the results of any compliance self-audits.
- Is the employer prepared to address errors it might find? Problems identified in a compliance audit should be addressed promptly. Continuing the same practices after they are discovered could be considered a “knowing” violation for purposes of criminal penalties and might form the basis for breach of fiduciary duty claims. If the audit reveals numerous issues, it is advisable to develop a compliance plan that focuses on the most important issues first and permits administrative staff sufficient time to make corrections accurately.
For more information, including a summary of the steps involved in a voluntary compliance audit and a checklist of audit issues and underlying documents, see EBIA’s ERISA Compliance manual at Section XXXIII (“Voluntary Compliance Audits for ERISA Welfare Plans”); see also EBIA’s Self-Insured Health Plans manual at Section XXXII.E (“Voluntary Compliance Audits of Self-Insured Health Plans”).
Contributing Editors: EBIA Staff.