It’s time to consider a wage and hour audit

A record $322 million of unpaid wages were recovered for the 2019 fiscal year, according to the Department of Labor (DOL). With the new salary threshold taking effect January 1, it may be a good time to consider conducting a wage and hour audit. Read the following blog post from Employee Benefit News to learn more.

Those who believed the Trump administration would scale back the Obama-era Department of Labor’s aggressive enforcement of wage and hour laws may be surprised to learn that the DOL recently announced that it recovered a record $322 million in unpaid wages for fiscal year 2019. This is $18 million more than that recovered in the last fiscal year, which was the previous record.

The agency has set records in back wages collected every year since 2015, according to data released by the DOL. This year, the average wages DOL recovered per employee were $1,025. The agency’s office of federal contractor compliance also announced that it had recovered a record $41 million in settlements over discrimination actions involving federal contractors, an increase of 150% over the last fiscal year.

Effective Jan. 1, the new salary threshold that most salaried employees must earn to be exempt from overtime pay will be $35,568, or $684 per week, under the final rule issued by the DOL in September.

With the new salary threshold taking effect soon, and the DOL continuing to aggressively enforce wage and hour laws, it is a good time to consider conducting a wage and hour audit to ensure that employees are properly classified as exempt or nonexempt and that other pay practices comply with the law.

Employers who did this in 2016, only to find out later that the Obama administration’s proposed hike in the salary threshold would not take effect, may have a strong feeling of déjà vu. But this time, there does not appear to be any viable legal challenge that would delay or block the salary threshold change, so employers must be prepared to either increase salaries of “white-collar” exempt employees (who earn less than $35,568) or reclassify them as hourly employees by January.

Among other things, a wage and hour audit should include the following:

  • Review all individuals classified as independent contractors;
  • Review all employees classified as exempt from overtime under one or more “white-collar” exemptions (administrative, executive, and professional), who must earn at least the $35,568 salary threshold beginning January 1, 2020;
  • Review all other employees classified as exempt from overtime, including computer and sales employees; and
  • Review all individuals classified as interns, trainees, volunteers, and the like.

In addition to ensuring whether employees are properly classified as exempt or nonexempt, a thorough wage and hour audit should look at a number of other issues, including timekeeping and rounding of hours worked, meal and rest breaks, whether bonuses and other special payments need to be included in employees’ regular rate of pay for calculating overtime, and payments besides regular wages, such as paid leave and reimbursement of expenses.

SOURCE: Allen, S. (8 November 2019) "It’s time to consider a wage and hour audit" (Web Blog Post). Retrieved from

The DOL Audit: Understanding the spectrum of risk

Will the Department of Labor (DOL) audit my plan? The likelihood that the DOL will audit your plan is low, but it can happen. Continue reading to learn more.

Risk is discussed in many contexts in the retirement plan industry. It comes up as a sales tactic; as good counsel from trusted advisors preaching procedural prudence; or, often, in the form of intimidating industry vernacular like fiduciary liability, fidelity bond or the big, bad Department of Labor (DOL).

This DOL paranoia is an underlying motivation that drives the risk conversation with distributors and retirement plan sponsors. Naturally, the question of probability comes up: What is the likelihood the DOL will audit my plan? The answer is low, but it can happen.

When evaluating retirement plans in terms of risk, it’s best viewed as a spectrum. Generally, risk falls into three principal areas of concern.

Lawsuit risk: The likelihood of a fiduciary-based lawsuit for most plan sponsors is very low. However, if this does arise, it will be unpleasant and expensive, both financially and in terms of reputation.

Administrative breach: Upon inspection, most plans will have some kind of operational defect. Typically, these are either an administrative, fiduciary or a document-level defect. If left uncorrected, they are potentially disqualifying. The good news is the IRS has corrective methods in place for the most common errors. Generally, these are relatively inexpensive to correct but will cost clients a little time and money, and likely some aggravation.

DOL/IRS audit risk: It’s usually the administrative breach discussed above that leads to the DOL/IRS investigation or audit. These agencies are not interested in disqualifying plans; they are more interested in correcting them and protecting the participants from misdeeds (intentional or not).

When a DOL audit does happen, it tends to occur because someone invited investigation. This could be the result of a disgruntled former employee, a standard IRS audit that somehow spiraled into a full DOL investigation or a variety of other reasons. So, what can employers and their service providers do to avoid an audit?

The IRS and DOL don’t publish an official list of items that could lead to an investigation, but it’s a good idea to look at your plan’s most recent IRS Form 5500 filings to decrease the likelihood of an audit. This is publicly available information that can signal to government agencies that something might be wrong and they should take a closer look. Some of the more common red flags include:

  • Line items that are left blank when the instructions require an answer
  • Inconsistencies in the data disclosed on the Form 5500 schedules
  • A large drop in the number of participants from one year to the next
  • A large dollar amount in the “Other” asset line on the Schedule H
  • Having an insufficient level for the plan’s required Fidelity Bond
  • Consistently late deposits or deferrals and hard-to-value or non-marketable investments (including self-directed brokerage accounts or employer stock) could be counted as red flags as well.

Plan sponsors should make sure that 5500s are completed with the same care and attention to detail used when filling out IRS 1040, and ensure the plan is being governed properly and in compliance with ERISA. This can be a challenge even for the most well-intentioned plan sponsors, given the complexity of the task and the fact that most employers don’t have the expertise in-house.

Calling in a specialist

But you don’t need to navigate these waters on your own. Instead, you might consider the “Prudent Man” rule, which implies that when expertise is required yet absent, a prudent person outsources the needed expertise. There is a wealth of talented retirement plan specialists and advisors available to help guide you through the audit process or, better yet, steer clear of it altogether.

When considering whether to employ one of these specialists, you will need to evaluate their experience, expertise and training, as well as if they provide services to help the plan sponsor keep the DOL (and the IRS) out of their offices. Some commonly available services include:

  • 5500 reviews to help plan sponsors avoid potential audit triggers
  • Coaching services to help plan sponsors identify and eliminate some of those difficult-to-value assets like employer stock or self-directed brokerage accounts
  • Service provider evaluations to help plan sponsors identify those who will work as a plan fiduciary and put the appropriate guardrails in place on an automated basis

In conclusion, the best way to survive a potential DOL investigation or IRS audit is to avoid one altogether. Committing to best practices for running the plan may mean outsourcing a great deal of the work to specialist retirement plan providers and advisors. Plan sponsors would be wise to consider working with service providers who operate as plan fiduciaries themselves. In this way, you’re more likely to avoid problems and achieve better plan results, leading to better outcomes for everyone.

SOURCE: Grantz, J (7 June 2018) "The DOL Audit: Understanding the spectrum of risk" (Web Blog Post). Retrieved from

Avoiding red flags: How to lower your plan's audit risk

Any size plan can be selected for an IRS or DOL audit. Businesses should learn how to avoid the red flags to help lower their plan’s audit risk. Read this blog post to learn more.

Are only the largest retirement plans audited? The truth is that plans of any size can be audited by the IRS and the DOL. Your plan could be selected for a random audit, or as a result of IRS datasets that target certain types of plans. However, lots of audits are triggered by specific events. Learning to avoid the red flags can help reduce your risk and increase the odds that you will survive any audit for which you are selected without major problems.

Your Form 5500 can be audit bait

Bad answers to Form 5500 can attract the Labor Department’s attention and serve as audit bait. The best way to make sure that your Form 5500 filing doesn’t lead to an audit is to check it carefully — with outside assistance if necessary — to make sure that the compliance questions are answered correctly.

For example, one compliance question asks whether the plan is protected by an ERISA bond and if so, the amount of coverage. Never answer “no” to this question. If for some reason you didn’t have a bond before, get one now. It is even possible to obtain retroactive coverage.

A coverage amount that is too low is also a red flag. In most cases, the bond must be for at least 10% of plan assets at the beginning of the year, although plans with certain types of investments must have higher coverage. Since assets at prior year end and at the beginning of the year are also shown on the 5500, showing an amount lower than 10% of those assets will invite the DOL to follow up.

The DOL will also look at the investment and financial information shown in the asset report. If your plan has many alternative investments such as hedge funds, has invested in other hard-to-value investments, or if you have large amounts of un-invested cash, you may also be inviting a follow up by the DOL. If your asset values as of the end of the prior year do not match your opening year balance for the succeeding year, you are also inviting unwanted inquiries.

Other answers that may get you targeted for further investigation are: if you indicate that you have late deposits of employee contributions or that you have not made required minimum distributions to former employees who are 70.5 years old. Note that this question does not need to be answered “Yes” if reasonable efforts have been made to find the participants but they still can’t be located.

Don’t ignore employee claims and complaints

Many plan sponsors don’t realize that employee complaints to the IRS and DOL often lead to audits. Make sure that employee questions and complaints receive a response, and if a formal claim for benefits is filed, make sure to follow the ERISA regulations on benefit claims and appeals. It is a good idea to run any denials past your ERISA attorney to make sure they are consistent with the written plan terms and clearly explain the participant’s appeal rights and the reason for the denial.

Be prepared

If your plan is selected for IRS or DOL audit, expect to be asked to provide executed plan documents, participant notices and fiduciary policies, such as your Investment Policy Statement. Keep these in a file to avoid a last-minute scramble to satisfy the auditor’s requests. You should also be prepared to show that you are making diligent efforts to find missing participants, deal with defaulted loans and review plan fees, which are current hot issues for auditors.

To be even better prepared, you can do a self-audit to identify problems that need correction before the IRS or DOL do.

SOURCE: Buckmann, C (29 June 2018) "Avoiding red flags: How to lower your plan's audit risk" (Web Blog Post). Retrieved from:

How to avoid a DOL 401(k) audit

Are you worried that your company's 401(k) plan might face a Department of Labor audit? Check out this great tips from Employee Benefits Network on how to avoid a 401 (k) aduit by Robert C. Lawton

There are many reasons for plan sponsors to do everything possible to avoid a Department of Labor 401(k) audit. They can be costly, time consuming and generally unpleasant.

The DOL, in its fact sheet for fiscal year 2016, indicates that the Employee Benefits Security Administration closed 2,002 civil investigations with 1,356 of those cases (67.7%) resulting in monetary penalties/additional contributions. The total amount EBSA recovered for Employee Retirement Income Security Act plan participants last year was $777.5 million.

In my experience, if a plan sponsor receives notification from the DOL that it has an interest in looking over their 401(k) plan, they need to be concerned. Not only do the statistics support the fact that DOL auditors do a good job of uncovering problems, but in my opinion, they are not an easy group to negotiate with to fix deficiencies.

As a result, the best policy plan sponsors should follow to ensure they don’t receive a visit from a DOL representative is to do everything possible to avoid encouraging such a visit. Here are some suggestions that may help plan sponsors avoid a DOL 401(k) audit:

1. Always respond to employee inquiries in a timely way. The most frequent trigger for a DOL 401(k) audit is a complaint received from a current or former employee. These complaints can originate from employees you have terminated who feel poorly treated or existing employees who feel ignored. Make sure you are sensitive to employee concerns and respond in a timely way to all questions. Keep copies of any correspondence. Be very professional in how you treat those individuals who are terminated — even though in certain instances that may be difficult. Terminated employees who feel they have been mistreated often call the DOL to “get back” at an employer.

2. Improve employee communication. Often employee frustrations come from not understanding a benefit program — or worse, misunderstanding it. If you are aware that employees are frustrated with your plan or there is a lot of behind the scenes discussion about it, schedule an education meeting as soon as possible to explain plan provisions.

3. Fix your plan — now. If the DOL decides to audit your 401(k) plan, as shown above, it frequently finds something wrong. Many times plan sponsors are aware that a certain provision in the plan is a friction point for employees. Or worse, they know the plan is brokenand no one has taken the time to fix it. Contact your benefits consultant, recordkeeper or benefits attorney to address these trouble spots before they cause an employee to call the DOL.

4. Conduct a “mock” DOL 401(k) audit. Many 401(k) plan sponsors have found it helpful to conduct a mock audit of their plan or hire a consulting firm to do one for them. If management hasn’t been responsive to your concerns about addressing a plan issue, having evidence to share with them that shows an audit failure can be very convincing.

5. Make sure your 5500 is filed correctly. The second most frequent cause of a DoL 401(k) audit relates to the annual Form 5500 filing. The most common 5500 errors include failing to file on time, not including all required schedules and failing to answer multiple-part questions. Ensure that your 5500 is filed by a competent provider and that it is filed on time. Most plan sponsors either use their recordkeeper or accountant to file their plan’s 5500. Don’t do it yourself. The fees a provider will charge to do the work for you are very reasonable.

6. Don’t be late with contribution submissions. Surprisingly, many employers still don’t view participant 401(k) contributions as participant money. They are, and the DOL is very interested in ensuring that participant 401(k) contributions are submitted promptly to the trustee. Be very consistent and timely with your deposits to the trust. Participants will track how long it takes for their payroll deductions to hit the trust. If they aren’t happy with how quickly that happens, they may call the DOL. If you have forgotten to submit a payroll to the trustee, or think you may have been late, call your benefits attorney. There are procedures to follow for late contribution submissions.

DOL audits are generally not pleasant. It wouldn’t be too strong to say that they are often adversarial. Because these visits are typically generated by employee complaints or Form 5500 errors, auditors have a pretty good idea that something is wrong. Consequently, I recommend that plan sponsors do everything they can to avoid a DOL 401(k) audit.

See the original article Here.


Lawton R. (2017 February 13). How to avoid a DOL 401(k) audit [Web blog post]. Retrieved from address

How to Prepare for a HIPAA Audit


Original post

The Department of Health and Human Services’ Office of Civil Rights has announced it will be launching phase two of the Health Insurance Portability and Accountability Act audit program. Advisers can help clients prepare by updating policies and procedures, among other steps.

HIPAA provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs, reduces healthcare fraud and abuse, mandates industry-wide standards for healthcare information on electronic billing and other processes; and requires the protection and confidential handling of protected health information.

HIPAA established national standards for the privacy and security of protected health information and the Health Information Technology for Economic and Clinical Health Act (HITECH). This established breach notification requirements to provide greater transparency for individuals whose information may be at risk.

HITECH requires OCR to conduct periodic audits of covered entity and business associate compliance with the HIPAA privacy, security and breach notification rules. OCR began its initial audit in 2011 and 2012 to assess the controls and processes implemented by 115 covered entities to comply with HIPAA.

Phase two of the audit will focus on any covered entity and business associate. OCR will identify pools of covered entities and business associates representing a wide range of healthcare providers, health plans and healthcare clearing houses.

Roy Bossen, partner at Hinshaw & Culbertson LLP, says the law firm he works for is considered a business associate because the firm deals with cases under medical malpractice.

“When we defend a hospital or a doctor, we have access to Protected Health Information (PHI),” Bossen says. “There is requirement in HIPAA for what a business associate must do to protect [PHI] as well.”

Bossen says there is not a specific penalty for not passing the audit; however an entity or business associate could face possible fines for failure of the audit.

“The next phase of the audit will be called a compliance review,” he says. “[Entities and business associates] will require a more in-depth review of what their policies and procedures are, and that could theoretically lead to fines and penalties.”

Bossen stresses that it is important for employers to determine whether they are a covered entity or business associate or if the audit even applies to an employer’s business. An employer that operates their own plan would be considered a covered entity.

Advisers and brokers can assist their clients by making sure employer’s policies and procedures are up to date while also making sure the employer’s practices match-up with the up to date policies and procedures.

“It is not uncommon in any field to have a great policy manual that’s in a nice binder on a shelf or an email document that gets sent out, but nobody practices the organization of what their policies and procedures stipulate,” Bossen says.

The HIPAA phase two audit program will begin the next couple months and should a covered entity or business associate be contacted for a desk audit or onsite audit.

Both audits can take up to 10 days to be reviewed and the auditor will have entity’s final report within 30 business days.

Using Compliance Reviews to Prepare Employers for Audit

Original post

A retirement plan sponsor has a fiduciary duty to ensure that the plan complies with all federal and state rules and regulations. Plan sponsors must follow the plan’s provisions without deviating from them unless the plan has been amended accordingly. Failure to follow the provisions can lead to plan disqualification. For the 2015 fiscal year, the Employee Benefits Security Administration reported that 67.2% of employee benefit plans investigated resulted in financial penalties or other corrective actions.

An operational compliance review can help. It’s different from a financial audit. An audit reviews the plan as it relates to the presentation of financial data; it is not designed to ensure compliance with all of ERISA’s provisions or other requirements applicable under the Internal Revenue Code. Operational compliance reviews, on the other hand, are concerned with validating the process being reviewed, with no restriction on whether it impacts the financials. An operational compliance reviewer wants to know that the process works, whether it is replicable, and consistent with the plan document.

Where to Begin

First, employers need to define the scope of the plan. To help define the scope, advisers and employers consider the following questions:

  • Does the plan sponsor have a prototype, volume submitter, or individually designed plan document?
  • Have there been any recent changes to the plan document?
  • Have there been any changes to any of the service providers, including payroll and record keepers, over the past few years?
  • Has the plan sponsor had to perform any corrections recently, perhaps without fully understanding how the errors occurred?
  • Have there been any data changes or file changes as they are provided to the record keeper?
  • Is there money in the budget to cover the review?

With the scope defined, a thorough operational compliance review should involve the following key steps:

  • Review of the plan document and amendments, along with summary plan descriptions and a summary of material modifications;
  • Review of required notices sent to participants, such as quarterly statements, initial and annual 404(a)(5) participant fee disclosures, Qualified Default Investment Alternative notices, safe harbor notices, etc.;
  • Review of service provider contracts, such as record keepers and trustees/custodians;
  • Discussions with the people who administer the plan, which may include the record keeper, trustee/custodian, payroll and benefits administration personnel;
  • Review of plan administrative manuals, record keeper operational manuals, procedural documents and policy statements; and
  • Review of sample participant transactions and data for each of the areas being reviewed.

Reviewing and comparing a record keeper’s administrative or operational manual with the plan document is an essential step in the review process. There tends to be a higher propensity for errors to occur when a record keeper is administering a plan that has an individually designed document versus its own prototype document. Lack of documented procedures can be cause for concern in ensuring the consistency and integrity of administering the plan, especially when there are any changes to the record keeping infrastructure, such as changes to plan provisions, modifications or upgrades to the record keeping system, or even personnel turnover.

While this process may lead to the discovery of errors you don’t necessarily want to find, you do want to gain perspective and overall confidence on your plan’s operations. Aside from finding errors, here are some things you should capture from an operational compliance review:

Areas of improvement for operational efficiency, including opportunities to maximize record keeper’s outsourcing capabilities;

  • Answers to questions on whether the plan’s provisions and administration would be considered “typical”, and how they compare to industry best practices;
  • An overall rating or report card of how a record keeper or service provider compares to industry peers; and
  • Confidence that if your client’s plan is approached by the DOL or IRS, it’s ready for an investigation that will conclude with a letter saying “no further action is contemplated at this time”.

Embarking on an operational review may seem intimidating but, with a well-thought-out plan, process, and the right resources, a successful review will uncover potential issues that can be resolved the IRS or DOL arrive at your client’s door. The rewards for your efforts may include perspective on industry best practices and how you can operate the plan more efficiently.

Audit: What should I expect from a Department of Labor audit?

Original post by

Employers should keep in mind that the U.S. Department of Labor (DOL) can audit employers at any time, although the most common reason for a DOL audit is a complaint from an employee.

The DOL has also targeted employers in low-wage industries for wage and hour violations, particularly in the areas of agriculture, day cares, restaurants, garment manufacturing, guard services, health care, hotels and motels, janitorial services, and temporary help. By understanding the audit process and following the guidance below, employers will be better prepared to handle a DOL audit.

  1. The DOL typically provides little advance notice of an audit. However, you can request time to gather records. Typically, the amount of time an employer will have will depend on the auditor.
  2. Contact the auditor to find out specific information about the audit. Key questions to ask are the focus of the investigation (e.g., overtime pay compliance, exempt vs. nonexempt classification, minimum wage compliance), the time period for records the auditor wants to view, and the names of any employees that may be interviewed.
  3. Gather the records in accordance with guidance provided by the auditor. Be prepared to provide documentation related to the company compensation policies and procedures. Keep track of exactly what information was provided. Do not provide records other than what the auditor requests.
  4. Designate one or two company representatives to work with the auditor. Some employers choose to designate their company’s legal counsel; other employers will designate senior managers. The representatives will have the duty to provide documents requested, arrange for any additional records to be provided to the auditor (if necessary) and coordinate employee interviews.
  5. During the audit, be courteous to and cooperative with the auditor. It is a good practice to provide a quiet area for the auditor to work in.
  6. At the end of the audit, ask the auditor to provide a summary of the results of the investigation. This information will help an employer review options for resolutions if any violations are found. If violations are found, employers are encouraged to consult legal counsel before any settlements are reached with the DOL.

To be proactive, employers should consider a self-audit, which consists of the following steps:

  • Review job descriptions.
  • Understand the differences between federal and state laws and ensure that the laws are correctly applied to employees.
  • Ensure that FLSA classifications are correct.
  • Keep accurate payroll records.
  • Apply policies consistently.
  • Make sure all records are complete and work to resolve any inconsistencies.
  • Determine how to address any areas of concern identified via the self-audit.

Top 10 401(k) compliance mistakes auditors catch


There are a number of emerging Department of Labor issues that employers should be aware of in order to ensure their benefit plans are compliant and being properly administered. Knowing the DOL is going to be vigilant in these areas means that now is a good time to review benefit plan documentation and administrative practices to ensure compliance.

Here are the top-10 mistakes auditors catch:

1. Late or erratic payment of employee deferrals. According to the DOL, contributions must be paid as soon as administratively feasible, but no later than the 15th business day of the following month (when deferrals are withheld). Employee contributions should be within this time frame, but also consistently remitted among all payrolls and pay periods.

2. Oversights in calculating employee contributions. 401(k) contributions should be determined in accordance with the plan document (which should include the definition of compensation) andin accordance with employees’ instructions.

3. Misunderstanding of the vesting period. Each plan defines when employees reach one year of service. HR and other departments may calculate it differently.

4. Disregard for break-in service rules. Usually, plans state that when employees leave and are rehired within a certain time frame, that they're automatically eligible to participate in a 401(k) plan. This rule is sometimes overlooked.

5. A growing number of forfeiture accounts. When employees leave and forfeit their 401(k) balances, those funds aren't always used as outlined in the plan, such as for paying employer-plan fees or in the time frame required by the Internal Revenue Service.

6. Incorrect tax witholdings when employees take distributions. People can take distributions from employer-sponsored plans prior to age 59½, but these early-withdrawals must be made in accordance with IRS rules in terms of penalties and any income taxes due.

7. Mistakes with profit-sharing contributions. Errors occur most often when annual calculations are performed manually vs. being automatically tallied through payroll software.

8. Mishandling employee requests. When employee requests, such as changes in deferral percentages, are handled manually, they are sometimes coded incorrectly or simply not entered at all.

9. Disconnect with service-provider contracts. Sometimes, there’s a disconnect between the company and its service provider. Responsibilities should be crystal clear, especially in the areas of hardship withdrawals and informing employees of eligibility.

10 Overlooking the plan's eligibility requirements. Some employees may be enrolled too early or too late ― or forgotten altogether, which can be the case with employees working at another corporate affiliate or division.