A 401(k) audit is required when a retirement plan has 100 or more eligible participants at the beginning of the plan year. An independent CPA firm examines the plan's financial statements, contribution timing, investment holdings, distributions, and compliance with ERISA and IRS regulations. The audited financial statements are filed with the Department of Labor as part of the annual Form 5500.
If your company sponsors a 401(k) and you have crossed or are approaching the 100-participant threshold, an annual audit is not optional. The Department of Labor requires it, and the penalties for filing a Form 5500 without the required audit or filing late are steep: $250 per day, up to $150,000. The IRS can add its own penalties on top of that.
This guide covers who needs a 401(k) audit, what the auditors actually examine, how much it costs, and how to prepare. For the broader employee benefit plan audit category, see what is an employee benefit plan audit. For the document processing challenge auditors face, see how CPA firms handle thousands of document formats.
The 100-participant rule: Any 401(k) plan with 100 or more eligible participants at the beginning of the plan year must file a "large plan" Form 5500, which requires an attached audit by an independent qualified public accountant (IQPA). Eligible participants include active employees, former employees with balances, and deceased participants whose beneficiaries still have account balances in the plan.
The 80-120 rule: Plans that filed as a small plan the previous year can continue filing as small (no audit required) if they have between 80 and 120 eligible participants. This prevents plans from bouncing in and out of the audit requirement when headcount fluctuates near the threshold. Once you file as a large plan, you stay in the large plan category until you drop below 80 participants.
First-year plans: A plan's first year is always filed as a short plan year. The participant count at the beginning of the first full plan year determines whether an audit is required for that year.
Contribution timing: The DOL requires employee contributions to be deposited as soon as administratively feasible, generally within 15 business days of the payroll date. Late deposits are the single most common audit finding. Auditors compare payroll dates against deposit dates for every pay period.
Investment holdings and earnings: Auditors verify that the plan's reported investment balances match the custodian's records. This means extracting position data from broker statements (Schwab, Fidelity, Vanguard, Empower, and dozens of smaller custodians, each with a different report format) and reconciling against the plan's financial statements.
Participant data: Eligibility, vesting, and benefit calculations must comply with the plan document. Auditors test a sample of participants to verify they were enrolled correctly, their vesting is calculated right, and employer match formulas are applied accurately.
Distributions: Hardship withdrawals, loans, rollovers, and termination distributions must follow the plan document and IRS rules. Auditors verify that distributions were calculated correctly and that required tax withholding was applied.
Plan document compliance: The plan must operate according to its written document. Common issues: not following the plan's definition of eligible compensation, not applying the correct match formula, or not updating the document for required legislative amendments.
Your CPA firm will request these documents. Having them organized saves time and reduces audit fees:
Plan documents: Current plan document, all amendments, summary plan description, adoption agreement, and IRS determination/opinion letter.
Financial records: Trust or custodian statements for all investment accounts (every month of the plan year), bank statements for the plan's trust account, and year-end broker statements showing all holdings.
Participant data: Census data (name, date of birth, date of hire, date of termination, hours worked, compensation), contribution records by participant by pay period, loan balances, and distribution records.
Payroll records: Payroll registers showing gross pay, 401(k) deferrals, employer contributions, and deposit dates for each pay period.
Compliance testing: ADP/ACP nondiscrimination test results, top-heavy test, 415 annual additions test, and coverage testing.
Prior year: Prior year's audited financial statements, Form 5500, and management letter (if any).
Audit fees for a straightforward 401(k) plan typically range from $8,000 to $20,000. Factors that increase the cost:
Plan complexity: Plans with self-directed brokerage accounts, employer stock, real estate investments, or participant loans cost more to audit because each adds testing procedures.
Participant count: More participants means larger sample sizes and more testing. A 500-participant plan costs more to audit than a 150-participant plan.
Multiple investment platforms: Plans that use multiple custodians or recordkeepers require the auditor to obtain and reconcile statements from each, increasing document processing time.
First-year audit: The initial audit of a plan costs 20-40% more than recurring audits because the auditor needs to understand the plan document, set up workpapers, and perform initial-year testing procedures.
Issues from prior years: Unresolved compliance issues, late remittances, or operational errors from prior years add audit procedures and increase the fee.
For the tools auditors use to process 401(k) audit evidence, see best audit software for CPA firms, best payroll data extraction software, and best bank statement extraction software.
A 401(k) plan must be audited when it has 100 or more eligible participants at the beginning of the plan year. Eligible participants include active employees, former employees with balances, and beneficiaries of deceased participants with remaining account balances. The 80-120 rule allows plans that filed as small the previous year to continue filing as small if they have 80-120 participants.
Typical 401(k) audit fees range from $8,000 to $20,000 for straightforward plans. Costs increase with participant count, plan complexity (self-directed brokerage, employer stock, multiple custodians), and first-year audits (20-40% premium over recurring). Plans with unresolved compliance issues cost more.
Key documents: plan document and amendments, trust/custodian statements for all investment accounts (12 months), participant census data, payroll registers showing deferrals and deposit dates, contribution records, distribution records, loan balances, nondiscrimination test results (ADP/ACP), and the prior year's audited financials and Form 5500.
Late remittance of employee deferrals is the most common finding. The DOL requires contributions to be deposited as soon as administratively feasible, generally within 15 business days of payroll. Other common findings: incorrect eligibility determinations, failure to follow the plan document's compensation definition, and errors in employer match calculations.
Filing a Form 5500 without the required audit attachment, or filing late, triggers DOL penalties of $250 per day up to $150,000 per filing. The IRS can assess additional penalties. The plan could lose its tax-qualified status, making all contributions taxable. Plan fiduciaries face personal liability for failure to comply.
The 80-120 rule allows plans that filed as a small plan (no audit required) the previous year to continue filing as small if they have between 80 and 120 eligible participants at the beginning of the current plan year. Once a plan files as a large plan, it must continue filing as large until the participant count drops below 80.
%20(1).svg)
