Retirement plan audits are designed to protect participants by ensuring that workplace retirement plans such as 401(k)s, 403(b)s, and pension plans comply with ERISA and tax rules. Under ERISA, the IRS oversees a plan’s tax-qualified status, while the Department of Labor (DOL) enforces fiduciary and reporting standards. In practice, every covered plan must file an annual Form 5500, and sponsors of “large” plans (generally 100 or more participants) must include an independent audit.
Recent updates to the Form 5500 instructions (effective 2023) have changed how participants are counted for audit purposes. The DOL and IRS now count only participants with account balances — meaning many small plans may no longer need an audit.
Still, all ERISA-covered plans can be audited by either the DOL’s Employee Benefits Security Administration (EBSA) or the IRS. In 2024, EBSA had enforcement jurisdiction over approximately 801,000 retirement plans and recovered nearly $1.4 billion for participants. The majority of EBSA’s monetary recoveries were the result of enforcement actions and informal complaint resolution. EBSA also made a difference for current and future participants and beneficiaries by obtaining such important non-monetary results as the elimination of illegal plan provisions, improved fiduciary governance, and increased access to mental health benefits.
Solid preparation begins with good documentation. Keep copies of all plan documents, amendments, trust statements, summary plan descriptions (SPD), contracts, payroll records, and fiduciary meeting minutes. ERISA fiduciaries are required to act solely in the interest of participants, act prudently, follow plan documents, diversify investments, and pay only reasonable plan expenses.
Key records to maintain include:
The IRS recommends using its 401(k) Plan Checklist to catch common compliance issues before they become audit triggers.
Audits are usually initiated based on risk indicators. These may include:
Performing an internal review or “mock audit” annually can help uncover and fix such issues early. In addition, review the IRS 401(k) Fix-it Guide to help identify potential issues and mistakes and learn how to avoid or fix them.
A retirement plan audit from the DOL or IRS follows a fairly standard 5-step process:
1. Initial Contact
The DOL sends a letter identifying the plan under review and listing documents to produce. Make sure you respond promptly and clarify any vague requests.
2. Document Submission
Gather and submit requested documents: plan documents, amendments, trust records, investment statements, participant data, contribution logs, and fiduciary committee records. Make a checklist of everything submitted and retain copies.
3. On-Site or Virtual Interviews
Investigators may visit your office or conduct interviews virtually with plan fiduciaries and administrators. Be factual and consistent. Demonstrating process and documentation is often more important than memorizing answers.
4. Findings
If no violations are found, you’ll receive a closing letter. If violations are discovered, you may receive a Notice of Voluntary Compliance. You’ll be asked to correct issues such as missed contributions, prohibited transactions, or document errors.
5. Resolution
Plans can often resolve errors through the Employee Benefits Security Administration’s Voluntary Fiduciary Correction Program (VFCP). In 2024, EBSA received 1,037 VFCP applications and 20,009 DFVCP filings, showing how often sponsors use this route to avoid penalties. Similarly, IRS audits may be resolved using the IRS’s Employee Plans Compliance Resolution System (EPCRS), which allows sponsors to fix qualification failures and avoid plan disqualification.
During an audit, keep your responses accurate, complete, and professional:
The DOL often prioritizes voluntary cooperation and will work with plan sponsors to achieve compliance when good faith is shown.
A strong governance process is your best defense. Here’s how to stay audit-ready:
No plan sponsor looks forward to a retirement plan audit—but it doesn’t have to be a nerve-wracking experience. With proper preparation, clear documentation, and a firm grasp of your responsibilities, audits can become a routine aspect of plan management, not a crisis.
Plan sponsors who take their fiduciary role seriously, stay educated, and proactively review operations won’t just survive audits—they’ll build stronger, more compliant plans that benefit employees and protect their organizations.
Informational Resources:
2021, August, 401(k) Plan Checklist
2023, August, Retirement Plan Audits - First Time?
2024, March, How to Prepare for Your 401(K) Plan Audit
2024, November, 401(k) plan fix-it guide
2024, Nov-Dec, 2025 ERISA Plan Compliance Calendar
2024, December, EBSA Restores Nearly $1.4 Billion to Employee Benefit Plans, Participants, and Beneficiaries
n.d., Voluntary Fiduciary Correction Program
2025, January, More Than $1 BN to Plans, Participants, Beneficiaries in ’24, Says EBSA