Examples of Internal Control Communications

for Employee Benefit Plans

Copyright 2017 by
The American Institute of Certified Public Accountants, Inc.
New York, NY 10036-8775
 Examples of Internal Control Communications
For Employee Benefit Plans

Contents

INTRODUCTION ................................................................................................................................................. 4
EXAMPLE COMMENTS ...................................................................................................................................... 4
Fiduciary Responsibilities ..................................................................................................................... 4
Review and reconciliation of plan level trust statements ................................................................. 5
Internal Control Over Financial Reporting .......................................................................................... 5
Financial Statement Knowledge .......................................................................................................... 6
Documentation of the Oversight Process ........................................................................................... 6
Segregation of Duties ............................................................................................................................ 8
Investments ................................................................................................................................................. 8
Selecting, Monitoring, and Valuing Plan Investments ...................................................................... 8
Securities Lending................................................................................................................................ 10
Bank Reconciliations ........................................................................................................................... 10
Participant Loans ...................................................................................................................................... 10
Loan Repayments ................................................................................................................................ 10
Interest Rates ....................................................................................................................................... 11
Documentation ..................................................................................................................................... 12
Loan Policy ............................................................................................................................................ 12
No loan policy ....................................................................................................................................... 12
Participant Accounts ................................................................................................................................ 12
Monitoring .............................................................................................................................................. 12
Duplicate Accounts .............................................................................................................................. 13
Contributions ............................................................................................................................................. 13
Employee Contributions ...................................................................................................................... 13
Employer Contributions ....................................................................................................................... 16
Eligibility ..................................................................................................................................................... 17
Distributions............................................................................................................................................... 17
Benefit Payments ................................................................................................................................. 17
Claims Processing ............................................................................................................................... 18
Vesting Matters..................................................................................................................................... 18

Page 2 of 27
Third Party Service Providers ................................................................................................................. 19
Monitoring and Review ........................................................................................................................ 19
Payroll/Personnel Records and Census Data ...................................................................................... 21
Maintaining Records ............................................................................................................................ 21
Demographic Data ............................................................................................................................... 22
Census Data ......................................................................................................................................... 22
Payroll Compliance Audits—Multiemployer Plans .......................................................................... 23
Plan Fees and Expenses ........................................................................................................................ 23
Plan Fees .............................................................................................................................................. 23
Plan Expenses—Multiemployer Plans .............................................................................................. 24
Parties In Interest ..................................................................................................................................... 25
Documentation ..................................................................................................................................... 25
Transactions with Parties in Interest ................................................................................................. 26
Other .......................................................................................................................................................... 26
Forfeitures ............................................................................................................................................. 26
Uncashed checks ................................................................................................................................. 26
Plan Amendments ................................................................................................................................ 27
Regulatory Compliance Oversight ..................................................................................................... 27

Page 3 of 27
 Examples of Internal Control Communications
for Employee Benefit Plans

INTRODUCTION
This non-authoritative document was prepared to assist Center members in preparing internal
control communications to their employee benefit plan clients. It contains example comments that
may be useful in preparing required communications of internal control related matters identified in
your audits, management letters, and other internal control communications.

The examples contained herein have been taken from actual communications prepared by
practitioners that have been edited to protect confidentiality. The company names used in the
examples are fictitious. Any resemblance or similarities to real companies are entirely coincidental
and beyond the intent of the Center.

These examples are for illustrative purposes only and should be modified for the individual circumstances
of each engagement. For example, the following requirements in AU-C 265, Communicating Internal
Control Related Matters Identified in an Audit, may affect the information communicated by the auditor:

 The auditor should communicate to management at an appropriate level of responsibility, on a

timely basis in writing or orally, other deficiencies in internal control identified during the audit that
have not been communicated to management by other parties and that, in the auditor's professional
judgment, are of sufficient importance to merit management's attention.

 The auditor should include in the written communication of significant deficiencies and material
weaknesses an explanation of their potential effects.

As a result of the second requirement above, the auditor may need to revise certain of these
illustrative comments to add an explanation of the potential effects if the auditor determines the
circumstances indicate that the deficiency is a significant deficiency or material weakness. As
described in AU-C 265, the determination as to whether the deficiency is a material weakness,
significant deficiency, or deficiency in internal control is a matter of the auditor's professional
judgment.

Although professional standards do not require the auditor to make recommendations for improving
internal control, they do not preclude such recommendations. As such, many firms provide
recommendations as a value-added service.

EXAMPLE COMMENTS
Oversight of the Financial Reporting Process
Fiduciary Responsibilities

Financial statement reporting, review, and reconciliation

During our audit, we noted the third party administrator, [TPA NAME], was not submitting
[periodic] plan reports to the sponsor to enable the Plan Sponsor to review and reconcile
contributions, distributions, and participants’ accounts. Based on internal control inquiries
made of Plan personnel, the Plan Sponsor appears to be relying on [TPA NAME] to perform
reconciliations for the Plan.

Page 4 of 27
 According to [PLAN SECTION], authority for overseeing the plan transactions rests with [any
or all] of the following parties: the Company as Plan Administrator/Plan Sponsor, the record
keeper/TPA for the Plan, and the custodian/insurance company holding the Plan’s
assets. The ultimate responsibility for these actions rests with the entity or entities designated
as “fiduciary” under ERISA.

A fiduciary under ERISA is any party who exercises any discretionary authority or control over
the Plan’s management; exercises any authority or control over the management or
disposition of the Plan’s assets; renders investment advice for a fee or other compensation
with respect to Plan funds; or has any discretionary authority or responsibility in the Plan’s
administration. Service providers are generally not considered fiduciaries but they may be
liable to the Plan or Plan Sponsor based upon traditional theories of negligence, malpractice,
or fraud.

Under ERISA, the Plan’s “named fiduciary,” and generally the Pla n Administrator, has the
primary responsibility for protecting Plan assets. In this case [NAME OF COMMITTEE,
PERSON, OR ENTITY] has been designated the Plan Administrator. It is important to be
aware that service provider errors may ultimately be deemed the responsibility of the Plan
Administrator. Care should be taken and procedures established for the Plan Administrator to
periodically review and reconcile the investments and other records of the Plan.

We recommend that on a [periodic] basis, plan management review the reports available on
[VENDOR’s] website to reconcile contributions recorded against the contributions per the plan
sponsor’s payroll and contribution records and to look for any unusual items. We further
recommend that the plan management become more familiar with the reports available within
the [VENDOR] website to enhance their internal controls around financial reporting for the
Plan.

Review and reconciliation of plan level trust statements

During our audit inquiries of management, we noted there is a very minimal review and reconciliation of
the Plan level trust statements and activity throughout the year. It is our understanding that
management does not review hardcopy trust statements. We recommend that management contact
their providers to request that statements be mailed to them or discuss how to obtain this information
via the websites. We also recommend that Plan management establish policies and procedures to
ensure that Plan trust statements are being reviewed and reconciled with client files on a periodic basis
and are in agreement with their records. This process is important to document the oversight of the Plan
and minimize your risk as a fiduciary.

Internal Control Over Financial Reporting

Establish internal control over the preparation of financial statements

The Plan does not have an internal control system designed to provide for the preparation of
the financial statements and related financial statement disclosures being audited. As
auditors, we were requested to draft the financial statements and accompanying notes to the
financial statements. Although this circumstance is not unusual for a Plan of your size, the
preparation of financial statements as a part of the audit engagement may result in financial
statements and related information included in financial statements disclosures not being
available for management purposes as timely as it would be if prepared by Plan personnel. It
is the responsibility of management and those charged with governance to determin e whether
to accept the risk associated with this condition because of cost or other considerations.

Establish internal control over financial statement preparation and review

Plan management is responsible for establishing and maintaining internal cont rol and for the
fair presentation of the net assets available for benefits, changes in net assets available for

Page 5 of 27
 benefits, supplementary information, and disclosures in the financial statements, in conformity
with U.S. generally accepted accounting principles (GAAP). The Plan does not have a system
of internal control that would provide management with reasonable assurance that the Plan
financial statements and related disclosures are complete and presented in accordance with
GAAP. As such, management requested us to compile the trial balance from plan records and
prepare a draft of the financial statements, including the related note disclosures.

Financial Statement Knowledge

Financial statement knowledge (1)

During our audit, we noted that the client (e.g., the assistant controller or human resource
supervisor) prepares the financial statements using the year-end trial balance provided by the
recordkeeper. However, the trial balance prepared by the recordkeeper is not prepared on the
accrual basis and it was necessary for the auditor to propose adjusting journal entries to
record the contributions receivable and expenses p ayable at year-end. In addition, it was
necessary for the auditor to propose a number of revisions to the notes to the financial
statements (e.g. disclosure of effect of significant plan amendments) to enable the disclosures
to be in accordance with generally accepted accounting principles. The client personnel do not
appear to have the necessary knowledge and skill to prepare employee benefit plan financial
statements in accordance with generally accepted accounting principles.

We recommend that the company utilize individuals from the corporate finance department
with the requisite knowledge and skill in employee benefit plan generally accepted accounting
principles to prepare the financial statements. In addition, we recommend that a current
disclosure checklist from the AICPA be used to ensure propriety and completeness of the
financial statement notes.

Financial statement knowledge (2)

During our audit, we noted that the Plan employs competent individuals who understand the
Plan’s operations and its challenges. Personnel record the day-to-day transactions of the Plan
in a consistent manner, but they are not as proficient in applyi ng and implementing complex
accounting guidance. As a result, it was necessary for us to propose a number of adjusting
journal entries and prepare the Plan’s financial statements in accordance with generally
accepted accounting principles, including the appropriate note disclosures. It appears that the
Plan does not currently require personnel to have the industry-specific training, knowledge
and level of skill needed to prepare its financial statements. The potential effect of this control
deficiency is that a misstatement or omission in the financial statements would not be
prevented, detected or corrected on a timely basis. We recommend that Plan management
evaluate the situation. Management should consider the current capabilities of employees and
the amount of additional expense the Plan would incur as a result of training or hiring
individuals with the necessary skills or knowledge to produce financial statements including
note disclosures.

Documentation of the Oversight Process

Documentation of the oversight process

During our audit, we noted that Plan management did not document its plan oversight
meetings during the year. Meeting minutes serve as important documentation that a fiduciary
process was followed, and the Plan is being prudently managed. We recommend that Plan
management implement a policy to document their regular meetings and any important
decisions or discussions held during these meetings, to include the following:

Page 6 of 27
  Date, time and location of the meeting
 Identification of the people present at the meeting
 Reference to any investment reports used during the meeting
 Participation issues such as education, goals for increasing the number of participants, or
deferral rates
 Plan fee issues
 Fund performance issues
 Decisions made, such as the decision to place a specific fund on a formal or informal “watch
list” that will need to be addressed at a future meeting
 Decisions made which require immediate action, such as the decision to remove and/or replace
a fund in the Plan’s line-up

Documentation of the oversight process (2)

There were no formal minutes maintained for actions taken by the trustee during the year.
With the complexity of investment alternatives and the tax laws covering the qualifications of
the Plan and fiduciary responsibilities of the trustee, it is important that the plan sponsor
adequately document the due diligence exercised over the operations of the Plan.

We recommend the trustee establish procedures for carrying out the above and document the
establishment of those procedures in formal minutes. Periodic plan-administrative meetings
should include consideration of items such as:

 Review of Plan’s investment performance

 Selection of investment options
 Creation and monitoring of investment policy
 Evaluation of service providers
 Report from the plan administrator
 Employee complaints or concerns, if known
 Report from investment advisor, if applicable
 Consideration and approval of plan amendments (or recommendation of amendments for the
Board of Directors)
 Compliance with ERISA regulations

Documentation of the oversight process (3)

To demonstrate the fulfillment of its fiduciary responsibilities, the Plan Administrative

Committee should conduct regular meetings. The fiduciary guidelines of ERISA require the
named fiduciaries of the Plan carry out due diligence in monitoring and administering Plan
operations. While it is likely the operations of the Plan are being adequately managed and
executed, without documented minutes of meetings held and decisions made, it would be
difficult, if not impossible, to demonstrate management’s due diligence in this area.

Documentation of the oversight process (4)

The Board of Directors should authorize a Plan Administrative Committee that could conduct
regular meetings to demonstrate the fulfillment of Plan management’s fiduciary
responsibilities. The fiduciary guidelines of ERISA require the named fiduciaries of the Plan
carry out due diligence in monitoring and administering Plan operations. We recommend the
Board of Directors create a Plan Administrative Committee and this committee meet regularly.
While it is likely the operations of the Plan are being adequately managed and executed,
without documented minutes of meetings held and decisions made by a Plan Administrative
Committee, it would be difficult, if not impossible, to demonstrate management’s due diligence
in this area.

Page 7 of 27
 Documentation of the oversight process (5)

During our audit, we noted that minutes are not kept of regular meetings regarding the Plan.
The Employee Retirement Income Security Act (ERISA) defines numerous fiduciary duties
trustees have in relation to the Plan. Among the fiduciary duties, trustees should hold timely,
periodic meetings with minutes which document the activities of the fiduciary. The minute s
should record that the trustees have regularly reviewed agreements with third party
administrators and investment managers, compliance with 408(b)(2) service provider notices
and also investment policies. In addition, reasons for changes in third party a dministrators,
investment managers, and investment policies should be documented. The minutes should
also record the trustees’ review of the list of parties in interest and prohibited transactions;
approval of benefit payments; employer contributions; and investment results. This important
documentation establishes that the trustees are actively involved in managing the Plan for the
benefit of the Plan’s participants and their beneficiaries, which is part of their fiduciary
responsibility.

Authorization of discretionary matching and profit sharing not documented in minutes

There was no authorization of the employer discretionary match or discretionary profit sharing
amount in the investment committee meeting minutes for 20XX. Absence of an approval of the
discretionary contributions could expose the Company to an increased risk that the incorrect
amount, if any, is allocated to participants. We recommend that you include in the investment
committee minutes the amount and authorization of the discretionary ma tch and discretionary
profit sharing contributions.

Segregation of Duties

Lack of segregation of duties

Due to the relatively small size of the Plan, ideal segregation of duties cannot be achieved.
This is not unusual for a Plan of your size; however the lack of segregation of duties increases
the risk of fraud related to misappropriation of assets, financial statement misstatement, or
both. The Plan Administrator and management should constantly be aware of this condition. It
is the responsibility of management and those charged with governance to make the decision
to accept the degree of risk associated with this condition because of cost or other
considerations. While we recognize it may not be cost effective to justify implementing a full
segregation of duties for an extensive system of internal control in all areas, we believe it is
important that management and those charged with governance are aware that some
deficiencies may exist and that they should continue to apply diligent oversight and monitori ng
activities.

Investments
Selecting, Monitoring, and Valuing Plan Investments

Plan management controls related to hard-to-value investments

During our audit we noted that the plan invests in hard-to-value investments, but the plan sponsor
and plan management do not have controls in place related to valuing and reporting those hard-
to-value investments. Plan management is responsible for implementing effective internal control
over financial reporting (i.e., a process and internal controls over tha t process to ensure that the
plan’s hard-to-value investments are reported in the financial statements at amounts in
accordance with generally accepted accounting principles and the plan’s stated accounting
policies). The process and controls include having a sufficient understanding of the nature of the
underlying investments, the portfolio strategy of the investments, and the method and significant
assumptions used by the fund manager to value the underlying investments. In addition to the

Page 8 of 27
potential negative effect on participant account balances, this lack of internal control may make it
more difficult for the plan sponsor and plan management to ensure that plan information is
complete and accurate, financial statements are reliable, and laws and regulati ons are complied
with.

We have enclosed the Plan Advisories entitled, The Importance of Internal Controls in Financial
Reporting and Safeguarding Plan Assets, and Valuing and Reporting Plan Investments developed
by the AICPA Employee Benefit Audit Quality Center. These Plan Advisories can assist you in
fulfilling your responsibilities for establishing and monitoring internal control over and valuing your
plan’s alternative investments.

Investment understanding and valuation

Generally accepted accounting principles generally require that the plan’s investments be
reported at fair value. Fair value is defined under Financial Accounting Standards Board
Accounting Standards Codification Topic 820 as the price that would be received to sell an asset
or paid to transfer a liability in an orderly transaction between market participants at the
measurement date. Currently, Plan management does not have processes or controls in pla ce to
evaluate or determine if plan investments are properly reported at fair value .

Although plan management may outsource investment management activities and obtain pricing
information from third parties, plan management is ultimately responsible for the valuation of
investments as presented in the plan’s financial statements and to con sider how third party input
is used in estimating or determining fair value. This responsibility cannot be delegated to a party
outside of management, even in situations where the plan’s trustee or custodian or insurance
company certifies the completeness and accuracy of the investments. Therefore, plan
management should establish procedures and controls designed to allow plan management to
understand and document the pricing inputs and methodologies used to value the plan’s
investments in order to properly report and disclose this information.

Reporting of fully benefit responsive investment contracts

Generally accepted accounting principles require that fully benefit responsive investment
contracts be reported at contract value. Currently, plan management does not have processes or
controls in place to evaluate or determine if these contracts are fully benefit responsive.

Although plan management may outsource investment management activities and obtain pricing
information from third parties, plan management is ultimately responsible for the valuation of
investments as presented in the plan’s financial statements and to consider how third party input
is used in estimating or determining value. This responsibility cannot be delegated to a party
outside of management, even in situations where the plan’s trustee or custodian or insurance
company certifies the completeness and accuracy of the investments. Therefore, plan
management should establish procedures and controls designed to allow plan management to
understand and document the evaluation of whether investment contracts are fully benefit
responsive in order to properly report and disclose this information.

Knowledge of investment arrangements

During our audit, we noted that the client personnel [possibly name personnel, e.g., the assistant
controller or human resource supervisor], who prepares the financial statements, is not
knowledgeable regarding the various investment arrangements entered into on behalf of the plan
and the financial statement implications of those arrangements. The treasury department has
significant knowledge regarding the types of investment arrangements but is not involved in the
accounting and reporting functions for the plan. As a result, the plan financial statements
prepared did not contain the proper accounting for plan investments and required disclosures
under generally accepted accounting principles. For example, it was necessary for the auditor to
propose adjustments to the statement of net assets and revisions to the note d isclosures relating
to the plan’s security lending arrangement with the trustee.

Page 9 of 27
 It is recommended that either (1) the client personnel increase his or her knowledge of the
investment arrangements by working with the treasury department or (2) the treasur er become
more involved in the financial statement preparation process.

Securities Lending

Financial statement presentation of securities lending transactions

During our audit procedures, we noted that there was inef fective design and operation of the
financial closing and reporting process, resulting in the misapplication of the accounting and
disclosure requirements related to securities lending transactions, as governed by Financial
Accounting Standards Board (FASB) Accounting Standards Codification™ ( ASC) 860, Transfers
and Servicing.

We recommend that the plan sponsor review all security lending transactions to ensure that they
are properly presented in the Plan’s financial statements and accompanying notes in accordance
with FASB ASC 860.

Bank Reconciliations

Missing records
While performing procedures related to the ABC Supplemental Unemployment Benefit Plan, it
was noted that the client could not locate the December 20X0 bank statement and reconciliation
for the Plan Checking Account. While no issues were noted in previous years or in other months
related to these bank reconciliations, we recommend that the Company implement procedures to
retain such records.

Preparation of bank reconciliations

We noted during our audit that the bank statements are delivered to management but no bank
reconciliations have been prepared. This account is in the name of the Retirement Plan for the
Employees of ABC, Inc. Bank reconciliations are an important internal control procedure to
ensure that all assets are accounted for and that any errors are detected and corrected on a
timely basis, and the failure to perform reconciliations may result in undetected errors, stale
uncashed benefit checks, or unusual or fraudulent activities. For example, there were two
distribution checks from a prior year that were not cashed. Plan management was unaware
that these checks had not been cashed.

We recommend that a formal reconciliation of this account be performed on a monthly basis.

Reconciling this account will help track the outstanding checks within this Plan and identify any
errors or other unusual activity.

Participant Loans
Loan Repayments

Loan repayments when payroll deductions are inadequate

It was noted that during 20X0 several loans nearly defaulted as there were not enough funds from
the participant’s paycheck to cover the loan deduction. As such, no payment was made on the
loan.

When there are not enough funds to cover the loan deduction, the participant is supposed to write
a check to Trustee and present it to the Company to be remitted to the Trustee. This policy

Page 10 of 27
 should be communicated to the employees. Additionally, the Company should utilize and
schedule regular review of the “Alert” function of the Trustee website to determine if there are
loan payments missed by the participants.

Loan repayment set-up

Certain loans selected for testing were not properly set up for repayments. The errors were
noticed in April 20X0 by ABC Bank who notified the XYZ Group (Plan Sponsor). We
recommend that the Plan Sponsor request and review a listing of issued loans on a quarterly
basis and agree this information to the payroll system to ensure that loan repayments are
being processed.

Internal controls over loan repayments

During our walkthrough of loan repayments, we noted that there are inadequate controls regarding
loan repayments when a participant has a break in service. Neither the plan sponsor nor ABC TPA
is monitoring the loans to determine if a deemed distribution may have occurred. It is the
responsibility of the plan sponsor to determine when a loan is in default. We recommend that plan
management, on a test basis, review loan repayments for participants who have breaks in service
to ascertain whether the outstanding balances should be accounted for as deemed distributions.

Remittance of loan payments

During our testing of contribution and loan remittances from payroll to the trust, we noted that
loan amounts were withheld from payroll for various employees throughout the year;
however, the monies were not remitted to the trust at the beginning of the plan year and the
missed amounts were not remitted until June 20X0. Also, during this testing, we noted that
the 3/10/X0 pay date was remitted by the Plan Sponsor to the trust twice during the plan year.

We recommend management implement policies and procedures to review all participant

contribution and loan remittances compared to payroll to ensure that the participant accounts
are in agreement with contributions and loans per payroll. Total remittances for loans and
contributions per payroll should be traced to the amounts remitted to the trust on a periodic
basis. We also recommend management consult with their third-party recordkeeper to correct
the pay date that was remitted twice during the Plan year.

Delinquent plan loans

During our audit, we noted certain participants who have delinquent plan loans. These loans should be
treated as deemed distributions to the participants. If they are not treated as deemed distributions at
the close of the grace period specified in the written loan guidelines, they will be deemed to be
prohibited transactions. We recommend that you discuss the treatment of these delinquent loans with
your third party administrator.

Interest Rates

Loan interest rates

During our audit procedures, we noted that the interest rates on all loans issued during the
third quarter of 20X0 were incorrect. The interest rate used for these loans was a quarter of a
percent higher than the correct percentage rate. Our testing originally note d two loans that
were improperly calculated; however, upon further investigation it was determined that all
loans issued during the third quarter of 20X0 were affected by this error, which resulted in
higher loan payments for all participants. The incorrect rates were calculated by ABC Bank,
the custodian for both plans. ABC Bank is currently in the process of determining how the
loan interest rates will be corrected. We recommend the plan sponsor develop and execute
policies and procedures to ensure the proper calculation participant loan interest rates.

Page 11 of 27
Documentation

Retention of participant loan request forms

During our testing of participant loans, we noted the Plan was unable to provide the signed
participant loan request form. As a result, we were unable to verify if the participant loan
request was properly approved and authorized. Per the loan policy of the Plan, a loan request
form must be approved by a trustee, therefore not retaining these records results in a lack of
compliance with Plan policies. We recommend that Plan management implement procedures
to retain such records in order to support proper approval and authorization of participant
loan requests.

Loan Policy

No loan policy

During our audit, we noted the plan has no written loan policy. A loan policy outlines the specific loan
provisions contained in the plan as well as requirements outlined by regulations. By not adopting a
written loan policy, the Department of Labor may regard the Plan as not falling within the statutory
prohibitive transaction exemption of ERISA section 408, which would result in the non-exempt
extension of credit between the plan and a party in interest for each participant loan granted. We
recommend that a written loan policy be established. Attached is a sample of a written loan policy for
your reference.

Violation of loan policy

During our audit, we noted a violation of the Plan’s loan policy. The loan policy specifies that
participants may not have more than one loan outstanding at any point in time. During our testing, we
noted several participants in violation of this policy. By not adhering to the written loan policy, the
Department of Labor may regard the Plan as not falling within the statutory prohibitive transaction
exemption of ERISA section 408, which would result in the non-exempt extension of credit between the
plan and a party in interest for each participant loan granted. We recommend you consult with ABC
Bank to correct this by either amending the loan policy to incorporate current practices or have the
participants who are in violation of the loan policy consolidate their loans into one new loan.

Participant Accounts
Monitoring

Monitoring of inactive accounts

We noted that inactive accounts are not being monitored by management or ABC TPA for
unusual activity or excessive fees that may be posted to these accounts. To the extent that
inactive accounts have not exceeded $5,000, consideration should be given to cashing out
the accounts pursuant to the terms of the plan document. We recomm end that management,
on a periodic basis, review the accounts of inactive participants or those who have been
separated from service to ascertain whether the changes and charges to those accounts
appear to be reasonable.

Monitoring of accounts of participants 70 ½ years of age and older

We noted that there is no monitoring of accounts for participants who are 70 1/2 years of age
or older by management or ABC TPA, the trustee of the Plan. We recommend that
management, on a periodic basis, review the accounts of those participants who are 70 ½ or
older to ascertain whether mandatory distributions are required to be paid from the accounts.

Page 12 of 27
Duplicate Accounts

Duplicate accounts

During our testing for loans, we identified one participant who had two accounts with two
different social security numbers. One of the accounts appeared to be inactive.

We recommended that the inactive account for this person be deleted so that no activity can
be posted. We also recommend plan management, on a test basis, run diagno stic tests to
identify duplicate social security numbers and duplicate participant names. Plan management
should take corrective actions to investigate, resolve and remove participant records that
have duplicate names and social security numbers.

Contributions
Employee Contributions

Timely remittance of employee contributions

During our audit, we noted that remittances of the employee deferrals to the Plan were
deposited at sporadic time spans after pay dates. Some of the remittances were even
deposited after the 15th business day after the end of the month of deferral. Failure to remit
participant contributions to the Plan in a timely manner results in prohibited transactions
which must be separately reported to the DOL and may result in lost earnings f or the Plan
and penalties to the Plan Sponsor. We recommend correcting the current process to assure
self-correction of these late remittances and submitting the deferrals as soon as
administratively possible.

Timely remittance of employee contributions (2)

During our audit, it was noted that sufficient controls are not in place to ensure participant
contributions are remitted to the trust in a timely manner. Department of Labor (DOL)
Regulation 2510.3-102 requires that participant contributions be remitted to the Plan on the
earliest date on which they can be reasonably segregated from the company’s general
assets, but in no event later than the 15 th business day following the end of the month in
which amounts are contributed by employees or withheld from their wages. Failure to remit
participant contributions to the Plan in a timely manner results in prohibited transactions
which must be separately reported to the DOL and may result in lost earnings for the Plan
and penalties to the Plan Sponsor. We recommend that the Plan Sponsor review the
procedures involved in remittance of participant contributions to the Plan and institute the
necessary controls to ensure participant contributions are remitted timely. A written
remittance policy should be created and followed. We also recommend the Plan correct all
untimely remittances.

Change in type of deferral

During our testing, we noted one participant elected to change his contributions from Roth to
pre-tax deferrals. The Plan Sponsor inadvertently deducted both types of deferrals and
contributed a match amount on both of them for two pay periods. This error could expose the
Plan Sponsor to make necessary corrective actions for the plan to remain in compliance with
regulations, and may include corrective contributions on behalf of the participant. We
recommend that a procedure be instituted that ensures the proper amount and type of
deferrals and match are being withheld from the participants compensation and contributed to
the Plan.

Page 13 of 27
Proper remittance of employee contributions

During our testing of employee contributions, we noted participants whose employee

contribution amount per payroll was different than the amount deposited in his or her
participant account. The employees inadvertently did not have defe rrals withheld for one pay
period. Management did make the participants whole by remitting the deferral amount and the
related earnings thereon for the employees to the trust; however, the amount was never run
through payroll. We recommend management implement policies and procedures to review
all participant contribution remittances to ensure that the participant accounts are in
agreement with contributions per payroll. Total remittances per payroll should be traced to
the trust deposits on a periodic basis.

Policy regarding 401(k) deductions on manual payroll checks

It was noted that during 20X0 certain participants received a manual payroll check for an
insignificant amount, and 401(k) deductions were not withheld from the checks. The Company
should revise its policy for drafting manual checks and include procedures which require the
check writer to review deductions the employee currently is having withheld prior to writing
the check.

Policy regarding inclusion of bonus 401(k) deductions on manual payroll checks

The Plan document permits a separate election to defer on each bonus that is paid. The
Company should require bonus recipients to document clearly whether the recipient wants
401(k) deferrals to apply to bonuses or not.

Timely reconciliation of contributions

During our audit, we noted that the contributions per the payroll reports and the census did
not agree with the total contributions per the administration report. We also noted that
employer contributions recorded by the Company did not agree with the employer
contributions per the plan trust statements and amounts remitted by the Plan Sponsor.
Failure to reconcile these reports and statements may result in a material misstatement or
omission in the Plan’s financial statements and/or Form 5500 that would not be prevented,
detected or corrected on a timely basis. We recommend that these amounts be reconciled on
a periodic basis and that differences be investigated by management.

Profit sharing compensation not in accordance with plan document

During our testing of profit sharing contributions, we noted that the compensation being used
to calculate new participants’ contribution amounts were not being calculated in accordance
with the Plan Document which states that pre-participation compensation will be excluded
from eligible compensation for the component of the Plan the compensation is being used.
Allocations of contributions to the Plan using a different definition of compensation than
defined in the Plan document may expose the Plan Sponsor to make corrective actions to
maintain compliance with regulations. We recommend that Plan management work with the
third party administrator and an ERISA specialist to correct errors and amend the Plan
Document in accordance with management’s intentions.

Page 14 of 27
Timing and calculation of employee and employer contributions

During audit procedures performed on employee and employer contributions, we noted

instances where the employee/employer contributions did not begin on the proper date. For
example, in one case the employee elected to start participating on October 1, 20X0 and
contributions were not withheld until the first pay in November. We also noted several
instances where the employee/employer contributions were not calculated properly based on
the employee contribution election and eligible wages. It is the Plan Sponsor's responsibility
to ensure compliance with the plan document and participant instructions in the
administration of the Plan.

Definition of eligible compensation for employee contribution calculations

It was noted during our audit procedures that there was inconsistency in the application of the
terms in the Plan document relating to the definition of eligible compensation for the purposes
of calculating the employee’s contribution and the employer’s contribution. Participants in our
sample made and received contributions based on compensation including fringe benefits,
although fringe benefits are not included in the definition of compensation in the Plan
document. We noted this error existed on all participants receiving fringe benefits at that
location. The plan sponsor is correcting this error. We recommend that the plan sponsor
uniformly train all personnel who work with the plan and review the setup of the payroll
system to ensure all locations are operating in the same manner and are consistent with the
Plan document.

Exclusion of incentive bonus

Certain participants in our sample had an incentive bonus improperly excluded from eligible
compensation and thus did not have the opportunity to defer on the bonus. Per discussion
with the XYZ payroll department, it was noted that these bonuses are included in the
calculation of the company match. Per the Plan document eligible compensation is defined as
all W-2 wages. We recommend that the Plan Sponsor review the payroll system to ensure
that the operation is consistent with the Plan document.

Deferrals on bonus compensation

Deferral on a portion of compensation classified as bonus in the current year was not
deferred as elected for participants at one location. Instead of using the percentage elected
on the bonus deferral election forms, the elected rate on regular compensation was used.
Due to the improper deferral, the employer safe harbor match was also incorrect for these
participants. The incorrect deferral percentages resulted in over or under withholding for
deferrals and an incorrect employer safe harbor match, depending on each individual’s
election. Incorrect deferrals on bonus compensation could require the Plan Sponsor to mak e
necessary corrective actions for the plan to remain in compliance with regulations, and may
include corrective contributions on behalf of the participant. We recommend that procedures
be implemented to ensure that deferrals and corresponding match contri butions are being
correctly calculated as elected by the participant on the bonus deferral election form for all
forms of bonus compensation.

Timeliness of participant 401(k) deferrals

During our audit procedures, we noted that 401(k) deferrals were not w ithheld from several
participants’ paychecks during the year due to the timing of the paycheck, setup of pay types
in the payroll software, or because the check was a manual check. The plan sponsor will
correct these errors in the next monthly remittance. We recommend that the plan sponsor
develop and execute policies and procedures to ensure the proper calculation of employee
deferrals and that these calculations be reviewed by a knowledgeable individual at the plan
sponsor because the calculations are performed by a third-party payroll service provider.

Page 15 of 27
 Hardship distribution rules not followed

It was also noted during audit procedures that the rules for hardship distributions were not
applied appropriately as required by the Plan document. Certain partici pants in our
contribution sample were required to stop making contributions for the next six months after
receiving a hardship distribution, but then were allowed to continue making contributions
when the Plan switched recordkeepers. Upon further investiga tion, it was determined that a
control feature at the recordkeeper had not been put in place to stop the deferral
contributions where a hardship distribution had been taken. This is not allowable because the
Plan document states a participant must cease making contributions for six months after a
hardship distribution is made. We recommend that the plan sponsor review the policies and
procedures surrounding the hardship distribution process to ensure all appropriate controls
are in place and are operating in accordance with the Plan document.

Set-up of withholding percentages

During our audit, we tested participant deferrals by comparing the participants’ election forms
to the amount of withholding used in the payroll system. It was noted that all of the
participants selected for testing that had elected a percentage of compensation for their
withholding were incorrectly set up within the payroll system. Therefore, withholdings taken
from payroll were not correct according to the participants’ election. It i s our understanding
that in the initial set up of the participants’ election in the payroll system, the Employer
converted the elected percentage to a dollar amount based on each employee’s estimated
year to date compensation. This is ultimately causing errors each payroll when the
compensation amount is different from the estimated amount. Thus, employees are either
having too much or too little withheld from what they had elected. We recommend that
management review all employee elections and determine a way in which a deferral
percentage, if elected, can be entered into the payroll system to properly calculate the
withholdings as the employees had intended. We also recommend management discuss this
matter with their legal counsel to determine proper corrective action, if any.

Employer Contributions

Caps on employer matching contributions

During our testing of contributions, we noted that certain employees’ year -to-date match
amounts were not correct as the match should have been capped at 4% of compensat ion and
should have been matched at 75% up to 4% of compensation based on years of service.
Instead, the employees were matched at 50% up to 4% and were not capped at the 4% of
compensation. We recommend that management correct this as soon as practicable. We
further recommend that management perform a review of employer contributions to ensure all
other participants received the proper contribution. We also recommend that Plan
management implement policies and procedures to ensure the Employer matching
contribution calculations are accurate before amounts are remitted to the Plan.

Year-end adjustments for discretionary employer matching contributions

The provisions of the Plan provide for an Employer matching contribution to be made at the
discretion of the Plan sponsor. The current provisions of the Plan state that the matching
contribution will be made on the basis of eligible compensation and deferrals over the period
of the Plan year and that an employee must have worked 1,000 hours during the plan year
and be employed on the last day of the plan year to receive an allocation of the matching
contribution. It is our understanding, however, that the contribution is currently being
calculated and remitted for each pay period with no year -end “true- up” adjustment. We
recommend that you consider amending the Plan to permit payroll-period basis contribution

Page 16 of 27
 calculations or calculate and remit a true-up contribution at year end in order to be in
compliance with Plan provisions.

Calculation of employer matching contributions

During our audit procedures, we noted that the plan sponsor, ABC Company, incorrectly
calculated the employer match for certain participants, causing those participants to receive
an excess match for the plan year. Upon further investigation , it was determined that the
entire XYZ division was affected by this error. The plan sponsor intends to correct these
errors. We recommend the plan sponsor develop and execute policies and procedures to
ensure the proper calculation of employer matching contributions and that these calculations
be reviewed by someone other than the individual performing the calculation.

Incorrect contribution rates (multiemployer plan)

During our audit it was noted that one employer was contributing to the Plan at an in correct
hourly contribution rate.

We recommend that the Plan’s third party administrator contact the employer and invoice
them for all additional contributions due to the Plan. We also recommend that the third party
administrator review the contribution reports on an ongoing basis to verify that employers are
contributing at the correct contribution rates.

Eligibility

Proper eligibility determination

During our audit we noted that the eligibility was incorrectly considered which resulted in
ineligible employees receiving an allocation of the ESOP contribution. This type of
circumstance could create a situation where certain participant’s accounts could be under -
funded, and could require the plan sponsor to make necessary corrective actions to maintain
plan compliance. We recommend management work with the third party administrator, to
correct the 20X2 allocation. In addition we recommend management continue to refine its
review process and work with the third party administrator as this can be a comple x area of
plan management.

Participant eligibility—incorrect entry dates used

During our testing of participant eligibility, we noted that certain employees who were eligible
to defer into the Plan and did elect to defer into the Plan during 20X0; however, the
participants’ entry dates upon meeting eligibility requirements were calculated incorrectly and
they were not allowed to defer until 20X1. We recommend that Plan management discuss this
with the participants and correct this by remitting the proper a mount, plus lost earnings, to the
participants’ accounts, and also perform a review to ensure all other participants’ entry dates
are accurate.

Distributions
Benefit Payments

Calculation of benefit payments

During our 20X0 audit we noted that several participants did not receive the correct amount of
benefit payment, based on the Plan’s vesting schedule. We recommend the Plan correct these

Page 17 of 27
 payments and establish controls over benefit payment calculations to ensure that correct amounts
are paid.

Termination of benefit payments

Currently, there is no formal method followed to ensure that benefit payments to retirees or
beneficiaries cease upon their death. We recommend the Plan implement controls to ena ble
detection of instances where benefit payments may be made to deceased participants.

Calculation of distributions and forfeitures

During our audit procedures, we noted several participants in our sample who were paid a
distribution based on the account valuation prior to all earnings and contributions bei ng credited
to the participant’s account. In addition, certain other participants had errors in the calculation of
their forfeited balances. The plan sponsor will correct the first error by distributing the remaining
balances in the participants’ accounts. We recommend that the plan sponsor review all
distribution requests for accuracy and periodically spot-check reports received from the third-
party recordkeeper for any distribution errors.

Claims Processing

Controls over claims processing

During our audit we noted that the claims processing department was not structured in such a
way to provide maximum segregation of duties and supervisory review. In order to prevent, detect
and correct intentional or unintentional errors, no one employee should have ac cess to several
phases of processing a claims transaction. Furthermore, responsibility for approving claims
payments should be restricted by level of authority. Lastly, we noted that the self -processing and
adjudication of claims by employees was not prohibited and that the processing of employee
claims was not restricted to one or two persons at the Plan with a high level of authority.

We recommend that the claims department adopt an organization plan with position guides and
job descriptions that clearly define the authority and responsibilities of the various employees. We
also recommend that such employees either be sent to outside specialized training seminars or
participate in in-house training conducted by the Plan's benefits consultant.

Vesting Matters

Calculation of Vested balances

During our audit we noted that the vesting of one individual was incorrectly calculated which
resulted in an incorrect payment to a participant for a distribution. This circumstance could result
in former participants not receiving the proper distribution amounts, and therefore would expose
the plan sponsor to a situation where corrective actions would be required. We recommend
management review all distribution payments for correct vesting prior to payments being made in
order to eliminate errors made on distributions.

Calculation of vested balances (2)

During our audit we noted instances where participants had an error in the calculation of their
vested balance. For example, one participant should have been paid out at 60% but was
incorrectly paid out at 80%, resulting in an overpayment of $720. We recommend that the plan
sponsor review all distribution requests for accuracy and periodically spot-check reports received
from the third-party recordkeeper for any distribution errors.

Page 18 of 27
 Vesting percentages used

We noted from our eligibility testing that participants had vested amounts in the amount of 25%.
From reviewing the Plan document, vesting percentages should be either 0% or 100%. From
conversations with the Plan Administrator it was determined that the incorrect vesting schedule
was uploaded in 20XX. We recommend that a) the vesting schedule be corrected, b) all
participants who received a distribution in 20XX be reviewed in order to determine if the correct
distribution occurred and c) attempt to recover from the participants overpayments, if any, which
resulted from the incorrect vesting percentages. We also recommend that Plan management
recalculate, on a periodic basis and immediately before distributions are made to withdrawing
participants, the vesting percentages to determine the accuracy of those percentages.

Override of vesting percentages

During our testing of benefit payments, we identified discrepancies with four participants and their
vesting percentages. When we re-performed the vesting calculations we arrived at a different
vesting percentage. We were informed that Plan management has the ability to override the
vesting percentage, which is transmitted to ABC TPA. There appears to be a lack of
documentation as to who has access to change the percentages and why this vesting modifier
has been changed. ABC TPA utilizes the percentages that have been downloaded and does not
perform a recalculation of, or check for changes in, the vesting percentage from period to period.
We recommend that Plan management immediately correct the software applications so that
overrides to vesting cannot be entered without proper authorizations and approvals. We also
recommend that Plan management recalculate, on a periodic basis and immediately before
distributions are made to withdrawing participants, the vesting percentages to determine the
accuracy of those percentages.

Third Party Service Providers

Monitoring and Review

Monitoring compliance with the service agreements

We noted that the latest fee schedules are not obtained from service providers, although the
agreements are reviewed and updated on a periodic basis. We also noted that there may be an
over- reliance on the integrity of the service provider to act within the terms of the agreement,
with little, if any, review by management. We recommend that a person who is independent of the
negotiations of the service agreements perform periodic checks on the service providers’
compliance with the service agreements, that fees charged are within the guidelines of the
agreements, the fees are properly attributable to the Plan’s operation, and that fees if assessed
to the Plan are properly charged and allocated.

Page 19 of 27
Timely and accurate recordkeeper and custodian reports

During our audit procedures, we noted that the Plan’s recordkeeper and custodian, ABC Bank,
did not provide timely or accurate reports to the Plan Sponsor, XYZ Group. This situation resulted
in the Plan Sponsor not being able to perform timely reviews of Plan information. XYZ Group is
responsible for the prudent oversight and review of all services provided by third parties to the
Plans. We recommend that the Plan Sponsor perform various periodic reviews and reconciliations
of information provided by your third-party service providers including (a) reconciling total Plan
assets per the participant detail (the sum of the individual participant account balances) provided
by the Plan’s recordkeeper to total plan assets reported by the Plan trustee, (b) reconcile total
contributions made to the Plan per the respective payroll registers to total contributions received
by the Plan per the trustee, and (c) agree individual demographic data included in new employee
personnel files to the corresponding information included in the participant detail provided by the
Plan’s recordkeeper.

We have enclosed a Plan Advisory entitled, Effective Monitoring of Outsourced Plan

Recordkeeping and Reporting Functions, developed by the AICPA Employee Benefit Plan Audit
Quality Center. This Plan Advisory can assist you in fulfilling your responsibilities for monitoring
third-party service providers as described above.

Review and approval of information provided to TPAs

During audit procedures performed and discussions with key personnel, it came to our attention
the information submitted to the third party administrator is not adequately reviewed and
approved by an appropriate level of management and may be submitted by the preparer of the
information. It is our recommendation the information be reviewed and approved by an
appropriate level of management independent of the preparation. The Plan should maintain
proper documentation of this review and approval.

SOC 1 report considerations/management review of SOC 1 reports

Third party service organizations perform a significant amount of the processing of plan
transactions.

Generally a plan sponsor must review the procedures at these service organizations on a
consistent basis as well as review reports produced and assumptions made.

We understand resources are limited given the Company's current operating status and are
aware multiple levels of accounting personnel are not local. We recommend instituting a policy
requiring annual review of the SOC 1 report for the service organization and documentation of the
acceptability of the SOC 1 report with regard to the annual assessment by Plan management that
controls at the Plan sponsor and service providers are operating in a way to ensure timely and
accurate processing of Plan data and also address any noted exceptions and how those
exceptions may affect the Plan. Usually prepared annually, a SOC 1 report is use ful in assessing
the reliability of the service organization’s controls over the processing and security of plan and
participant data and activity. We also recommend ongoing timely review of reports provided by
service organizations. These controls at the plan sponsor level serve to assure proper and
complete transmission of data to third parties, proper processing of data and complete receipt o f
data from third parties and timely reconciliation of data, as necessary.

SOC 1 report considerations/management review of SOC 1 reports (2)

During our audits, we noted that the Plan sponsor did not review, in detail, the SOC 1 report of
the service organizations. Since a significant amount of the processing of Plan transactions is
performed by service organizations, it is imperative that Plan management review the procedures
at these service organizations on a consistent basis and document such review in detail as part of
due diligence in operating the Plan.

Page 20 of 27
 We recommend documenting that the description of the controls listed within the SOC 1 report
covers all significant transactions, processes or computer applications that a ffect the Plan's
financial statements. In addition, if the SOC 1 report identifies noncompliance of the service
organization's controls, consideration should be made as to the ef fects of the findings on the
Plan's operations. In the instance of noncompliance, complementary controls at the Plan should
be documented and enhanced as necessary. Listing the exceptions and the response of the
service organizations' management alone is not suf ficient. Plan management must document its
own conclusions.

Another item that the plan sponsor should document, in detail, is user controls. The SOC 1
reports identify controls for which Plan personnel are responsible and these are typically re ferred
to as "Client Control Considerations." Client controls are complementary to the controls of the
service organization and are necessary for the service organizations' controls to be achieved.

Monitoring and implementing user controls

During our internal controls walkthrough, we noted that the user controls documented in the SOC
1 reports from the Plan’s service organizations (e.g., ABC TPA) are not being monitored or
implemented on a timely basis.

We recommend that management review the SOC 1 reports, document the user controls and
evidence how they are operating as they relate to this Plan. If controls are n ot in place,
management should implement the appropriate controls.

Payroll/Personnel Records and Census Data

Maintaining Records

Documentation for waiver of participation

During our testing, there were three employees for which we were unable to determi ne if they had
voluntarily elected not to participate in the Plan. As a result, we were unable to determine if they
were properly excluded from participation in the Plan. We recommend that Plan management
establish procedures such that upon initial eligibility for participation, those employees that elect
not to enroll in the Plan complete a negative enrollment form. This would assist in protecting the
Plan from accusations that eligible employees were not given the chance to participate and any
financial consequences that may result from such accusations.

Documentation contained in personnel files

During our testing of participant data, we noted that there were instances where employee
personnel files did not contain adequate support for the employees’ dates of hire and/or did not
contain the employee’s date of birth. We recommend that documentation be obtained and
maintained in employee files to support plan operations.

Inconsistencies in demographic data

During our audit, we noted discrepancies between information recorded on the payroll report and
personnel files relating to employee data such as date of birth and hire date. Since information
recorded on the payroll report is used as a source for updating employee data to be used by the
third party administrator and to determine the eligibility of an employee, failure to keep accurate
employee data might result in eligibility status of employees being incorrectly determined. Also, it
was noted that incorrect employee data was provided to XYZ Company, wh ich uses the census
data to estimate the plan’s obligations. We recommend that in the future, any new or updated
employee data being entered into the system be reviewed to make sure it agrees with supporting
documents in the personnel files. The accuracy of employee data should also be reviewed before
it is sent to the actuary.

Page 21 of 27
 Missing personnel files

We noted during the audit of ABC Pension Plan that several employee personnel files could not
be located. We recommend the Company enhance its existing processes to maintain and retain
employee personnel files for each employee. The files should be retained in a secure location
and filed centrally, if necessary. Additionally, we suggest that throughout the year management
conduct audits of the employee personnel files to ensure they can be located and are filed in the
proper location.

Locating financial records

While auditing the ABC Supplemental Unemployment Benefit Plan, we noted that there was some
difficulty encountered by management in finding some records. These records related specifically
to payments made near the beginning of the year. We recommend the Company ensure that
proper procedures are in place to prevent data from becoming “lost” or “misplaced” and that
increased care be taken when filing information at or near period ends to ensure that records do
not erroneously get stored under the wrong period and to ensure that records are maintained and
retained at the appropriate locations in accordance with the Company’s intended retention
policies.

Retention of employer match calculations

During our testing of contributions, we noted several instances where the employer match
recalculations did not agree with the amount of match noted per payroll. The employer match
calculations per participant were not retained by management, thus we could not reconcile these
differences. We recommend that management retain the employer match calcula tions per
participant to verify the accuracy of the matching contributions. We also recommend you discuss
this matter with your legal counsel to determine proper corrective action if any.

Demographic Data

Discrepancies that affect the calculation of benefits

Through the course of our audit testing of the benefit plans covering the XZY Group employees,
we noted certain demographic and payroll data discrepancies. These errors are similar to those
noted in prior years’ audits and include incorrect plan entry dates for new employees, failure to
meet the one year service requirement prior to receiving company match, errors in ca lculating
company match, incorrect handling of a hardship distribution and improper exclusion of
commissions from wages eligible for deferral. These issues will not be on-going as all Divisions
have been sold. We will provide additional detailed informatio n to XYZ Human Resources
Department for those items that require corrective action so that they may be relayed to the
appropriate parties.

Census Data

Inclusion of census data changes/correct information in actuarial data

During our audit, we found several census data changes requested by the Company were not
properly reflected by the Plan Actuary in the census data. Also, for both the ABC Pension Plan
and the XYZ Employees Retirement Plan, several deferred vested participants were included in
the census data when they should have been removed due to, for example, having previously
taken a buy-out. We suggest that the Company review all changes requested of the actuary as
soon as they are processed in order to ensure the actuary has properly made the cha nge. We
also recommend that the Company collaborate with the Plan Actuary and review the census data
files for all pension plans in their entirety to ensure that all components agree to Company
information. Once this complete review is performed, we recommend that the Company develop a
procedure to periodically check samples or portions of the census data files that the actuary
utilizes on a recurring basis.

Page 22 of 27
 Removal of deceased participants
During our procedures to verify if participants and beneficiaries of ABC Pension Plan age 90+
were still living, we noted that two beneficiaries who were deceased prior to January 1, 20X0 had
been improperly included in the census data. We suggest that t he Company expand its
procedures to check that deceased beneficiaries are properly excluded from the census data,
particularly with regard to joint and survivor forms of payment. Additionally, the Company should
review participants who are at higher risk for being deceased by using an age threshold (e.g., 90
years of age or older) to ensure they have not passed away.

Payroll Compliance Audits—Multiemployer Plans

Deficient/delinquent contributions resulting from failure to report all hours worked

As set forth in ERISA, the Trustees have a responsibility to collect contri butions due to the Fund
from all participating employers as required by the collective bargaining agreement. This
includes deficient and delinquent amounts due because the employer failed to report all hours. A
payroll compliance audit program helps ensure that this fiduciary responsibility is being fulfilled.
In the past, the Fund was included in a portion of the payroll audits performed for other related
funds, and in certain cases a special payroll audit for the Fund would be performed at the request
of the Trustees. We noted that the Fund was not included in any of the other related funds’ 20X2
payroll compliance audits and that no special audits were requested.

While we acknowledge that the Trustees are aware of the payroll compliance audit finding s for
the other related funds, monitor the results to determine when payroll compliance audits for the
Fund are warranted and that the Trustees also review delinquent reports and employers that have
substantial decreases in hours reported to determine if a payroll compliance audit is necessary,
we recommend the Trustees develop a more formal, proactive payroll compliance audit program
or participate in the other funds’ payroll compliance audit program to a greater extent in order to
demonstrate that the Trustees are meeting their responsibilities set forth in ERISA.

Timing/completeness of payroll compliance audits

Receipt of proper and timely contributions from participating employers is essential to protect the
interests of the participants and beneficiaries under the Plan, including the timely determination of
eligibility for benefits. An adequate payroll compliance audit program ensures that the Plan has
reasonable, diligent and systematic procedures in place for the collection of proper employer
contributions.

We noted during the audit that the Plan's payroll compliance audits are done in conjunction with
those performed by certain affiliated trust funds. However, the current rotation schedule does not
appear to ensure that all employers participating in the Plan are audited every three to five years,
which is considered to be best practice for a multiemployer plan. Furthermore, the Trustees of the
Plan do not currently exercise discretion in determining which employers will be audited each
year or that new employers are audited within the first year of participation.

We recommend that the Trustees consider instituting a more aggressive payroll compliance audit
program in order to fulfill their fiduciary duty to gather and protect assets of the Plan.

Plan Fees and Expenses

Plan Fees

Fee Disclosure
ERISA section §408(b)(2) fee disclosure regulations became effective July 1, 2012. Plan
management should have received the written required disclosures for the Plan’s existing

Page 23 of 27
 contracts with its covered service providers. Plan management is responsible for determining
whether it received the required disclosures and for evaluating the disclosed infor mation to
determine if the contract arrangements are reasonable. If Plan management fails to comply with
the requirements under §408(b)(2), the Plan may be considered to be involved in a prohibited
transaction and may be subject to penalties including excise tax penalties, reimbursement to the
Plan for excessive fees and potential plan disqualification.

We recommend that Plan management develop written procedures or policies to more thoroughly
document these considerations, such as in the Plan management meeting minutes that will support
the conclusion that the Plan’s covered service provider contracts and re lated fees are reasonable.

Documentation and analysis of plan fees and expenses

Understanding and monitoring Plan fees and expenses is important in providing for the services
necessary for the Plan's operation. During our audit, supporting documentation and analysis was
not readily available for all expenses. We recommend that you monitor the Plan's fees and
expenses throughout the year to determine whether they are reasonable and in agreement with
service contracts, and document this process appropriatel y.

Plan Expenses—Multiemployer Plans

Reimbursed trustee and employee expenses

During our testing of Trustee and employee expense reimbursements, it was noted that several
meal receipts lacked proper supporting documentation. Also, there were instances n oted where
expenditures were not supported by any documentation (e.g., missing receipts, missing boarding
passes, etc.). In addition, several expenses were noted which the Department of Labor may
consider excessive. These instances primarily involve excess days for attending out-of-town
conferences, the cost of rental vehicles not being economically justifiable, reimbursement of first -
class airfare, and reimbursement for expenses in connection with vendor entertainment.

We recommend that the Expense Reimbursement Policy be updated to reflect more recent
Department of Labor rules or regulations. This would include requiring an itemized meal receipt
which indicates who attended and what the business purpose was of the meal. The policy should
also specifically exclude the reimbursed cost of rental vehicles that are not economically
justifiable, vendor entertainment, and first-class airfare. The policy should also require copies of
boarding passes for reimbursed air travel. In addition, reimbursement of expense s should not be
made in the absence of an original receipt.

Meeting, conference and other reimbursed expenses

We noted that the supporting documentation as required by the Fund’s Expense Reimbursement
Guidelines for meeting, conference and other expenses was not present in all cases. Some
receipts for charges on the Fund’s credit card were not submitted, and some expenses were not
properly substantiated prior to reimbursement. In addition, there was one expense paid that was
not reimbursable under the Fund's Expense Reimbursement Guidelines. This expense was paid
back to the Fund subsequent to year end.

The Internal Revenue Service (IRS) requires substantiation to be present indicating the business
purpose and the individuals present at each meal or meeting, including those expenses paid by
credit card. In addition, the Department of Labor (DOL) requires substantiation of all expenses
regardless of amount. For credit card charges, the original detailed bill is required. The credit
card statement listing the total charge would not be sufficient documentation. We recommend
that all required supporting documentation be obtained in order to comply with the Fund’s
Expense Reimbursement Guidelines and both IRS and DOL requirements.

Page 24 of 27
 Trustee Expense Reimbursement Policy

The current trustee expense reimbursement policy states the following: A voucher or receipt for
each expenditure in excess of $25, detailed and itemized on the expense report, shall be
obtained and included with the report; reimbursement for days of travel shall be limited to one day
of travel to and one day from a meeting or conference; and no reimbursement will be make for
expenses not reasonable and necessary for the meeting or conference.

During our testing of trustee conference expenses we noted the following issues:

 There were several instances in which expense reports lacked detailed receipts for
expenses in excess of $25.
 A trustee was reimbursed for a personal item.
 There were several instances in which tipping was in excess of 20%.
 There was one instance in which a trustee was reimbursed for expenses incurred two days
before the start of the conference

We recommend that the trustees adhere to the Plan’s expense reimbursement policy.

Shared Expenses

During our audit we noted that the shared employee related expenses, shared office expenses,
and shared training facility expenses are being entirely subsidized by related organizations
without a formal documentation of the allocations, including lease agreements or contracts.

We recommend that the Trustees evaluate and approve the current application of shared
expenses. Formal lease agreements, if applicable, should be adopted for shared building
expenses, and the Trustees should consider preparing a cost allocation study for sh ared
employee expenses.

Parties In Interest
Documentation

Documentation of parties in interest

During our audit of the Plan’s records, it came to our attention that the level of documentation
regarding parties in interest normally expected with respect to a retirement plan is not present.
Although nothing came to our attention causing us to believe that errors may have occurred,
sufficient procedural controls do not seem to be in place. For example, we did not find an up to
date listing of parties in interest, as those terms are defined by the law. This makes it difficult to
monitor transactions with those parties to ensure that no prohibited transactions occur. We
recommend that the Plan sponsor adopt a written set of policies and procedures designed to
mitigate the Plan’s risk with regard to identifying parties in interest.

Documentation of party-in-interest transactions (multiemployer plans)

During our audit, it was noted that the Plan was leasing storage space to a contributing employer
without a current formal lease agreement. An employer trustee is employed by the lessee.

The Plan should draft a formal current lease agreement. Documentation that the rent
approximates the current market rate when leasing began should be maintained.

Also, if the Plan is involved with a business transaction with a party-in-interest either as noted
above or through the purchase of any materials or supplies through the relationship of any
Trustee, that Trustee should, as has been done in the past, recuse himself from the decision-

Page 25 of 27
 making process and approval of such a transaction.

The Trustees should refer to the Department of Labor’s FAQs on Multiemployer Plan Leasing
Arrangements as guidance regarding prohibited transaction violations that may arise in leasing or
service provider arrangements.

Transactions with Parties in Interest

Transactions with Parties in Interest (multiemployer plans)

We noted that the Apprentice Fund purchased training materials from an employer of a Trustee.
Transactions between the Fund and a party-in-interest are prohibited under ERISA Sections
406(a) and (b) unless specifically exempted. Parties-in-interest include contributing employers.
In general, purchases of property from a contributing employer for no more than fair value are
exempt from Section 406(a) under a class exemption. Purchases from the employer of a Fund
Trustee, however, are prohibited under Section 406(b) unless certain conditions are met. In order
for those transactions to be exempt the Trustee must “remove himsel f from all consideration by
the plan whether or not to engage in the transaction and by not otherwise exercising any of the
authority, control or responsibility…to cause the plan to engage in the transaction.”

We recommend that the Fund reaffirm that the Trustee was not involved in the decision to
purchase materials from his employer in the past, that the Trustee recuse himself from the
decision to make any future purchases, and that such action be documented in the minutes.

Other
Forfeitures

Unallocated forfeited participant accounts

The Plan document has established guidelines for the use of forfeited participant accounts. In
addition, the Internal Revenue Code (IRC) requires that these forfeited accounts be used or
reallocated to Plan participants in accordance with the terms of the Plan document in the Plan
year they are incurred.

During our audit, we noted that as of December 31, 20XX the Plan had accumulated
approximately $XXX,XXX of unallocated forfeited participant accounts that had not been uti lized.
The Plan should use or reallocate these forfeited accounts as soon as possible. In addition, Plan
management should consider consultation with ERISA counsel to determine if an official
correction is necessary to ensure the Plan remains in compliance with ERISA and IRC
regulations.

Uncashed checks

Monitoring uncashed checks

The Plan should establish procedures to periodically obtain and review listing of uncashed checks
from the Plan’s custodian. This will enable Plan management to detect errors or unusual activity
in participant accounts and Plan records on a timely basis.

Locating missing participants

We noted during our audit that there were several instances of uncashed benefit checks and/or
participants and beneficiaries that the Plan has been unable to locate.

Page 26 of 27
 The Plan’s Trustees must be able to demonstrate compliance with ERISA’s fiduciary standards
regarding efforts made in locating missing participants. Reasonable search methods include
using certified mail, checking records of related plans, checking with designated plan
beneficiaries, using a letter-forwarding service, using internet search tools, using commercial
locator services and using credit reporting agencies. Depending on the facts and circumstances
concerning a particular missing participant, it may be prudent for the Plan to use one or more of
these other search options. If the cost of using these services will be charged to the missing
participant’s account, the Plan will need to consider the size of the participant’s account balance
in relation to the cost of the services when deciding whether the use of such services is
appropriate. If search efforts fail, the Plan should consider the selection of a distribution option for
the benefits of missing participants, as governed by the fiduciary responsibility provisions of
ERISA.

Plan Amendments

Plan amendment to allow prior service crediting

During our testing, we noted the Plan Sponsor acquired substantially all of the assets of ZZZ, Inc.
In connection with this acquisition, the Plan Sponsor allowed the former employees of the
acquired company to participate in the Plan and granted them credit for their prior service with
ZZZ, Inc. No amendment was made to the Plan to allow for such prior service crediting. Failure
to properly amend the Plan may jeopardize the favorable tax status of the Plan. We recommend
the Plan Sponsor work with the third party administrator or ERISA counsel to correct the Plan and
any affected individuals.

Regulatory Compliance Oversight

ERISA and tax code compliance oversight

With respect to the Plan, we determined that many of the tests required under the Internal
Revenue Code were not performed with respect to the employer contributions. We further
determined that the payroll department was not familiar with the ERISA standards regarding the
timeliness of deposit of employee contributions to the plan. These failures constitute a control
deficiency related to failure to design procedures to assess compliance with applicable laws.

Page 27 of 27