LEARNING OBJECTIVES

After completing this chapter, you should be able to do the following:

•     Identify the requirements for an ERISA limited-scope audit.

•     Identify the key parties involved with 401(k) plans.

•     Recognize prohibited transactions.

•     Identify the kinds of information to gather.

•     Distinguish the risk factors and internal control considerations of 401(k) plan audits.

•     Identify the requirements of the risk assessment standards in planning the audit of a 401(k) plan.

•     Recall the requirements of AU-C section 260 to communicate the timing and planned scope of the audit of a 401(k) plan to those charged with governance.

INTRODUCTION

Like any financial statement audit, planning must occur for the 401(k) plan audit to be in accordance with generally accepted auditing standards (GAAS) (all plans) or the PCAOB standards (for a plan subject to the Sarbanes-Oxley Act of 2002). An overall strategy must be developed for the expected scope and conduct of the audit. The planning process includes gaining an understanding of the 401(k) plan being audited and its environment—including internal control, assessing risk, developing an audit strategy, and communicating with those charged with governance.

Considerations for public entity audits (plans that file Form 11 -K) that are performed in accordance with the PCAOB standards are covered in chapter 6. Although there is currently a slight divergence between generally accepted accounting ...