For most plan sponsors, EBP audit season arrives the same way every year: too fast, with too much to pull together. Contribution schedules live in one spreadsheet, census data in another, and the SOC 1 report from the recordkeeper is buried in someone’s inbox.
It doesn’t have to work that way. Teams that prepare early and stay organized year-round move through audits with far less friction. This checklist exists to help you get there.
Employee benefit plan (EBP) audits are required, consequential, and worth taking seriously. A late or incomplete Form 5500 filing can trigger penalties. Significant deficiencies in audit findings can signal control weaknesses to regulators. And the manual effort of pulling everything together is a recurring drain on finance and HR teams that proper preparation largely eliminates.
This checklist is for plan sponsors, finance teams, and HR professionals responsible for managing or supporting the EBP audit process. It covers what to gather, when to gather it, and how to structure your preparation across the 60 – 90 days before fieldwork begins.
Not sure whether your plan requires an audit? Read our guide to EBP audit requirements.
The Employee Benefit Plan Audit Checklist
Let’s take it step by step look: pre-audit, document preparation, during, and after the audit.
Phase 1: Pre-audit (60 – 90 days before fieldwork)
This phase is about scoping and gathering foundational documentation. The decisions you make here and the records you track down set the pace for everything that follows.
- Engage your auditor early. Before anything else, reach out to confirm timing, align on the format of their information request list, and discuss fees. Starting this conversation 60 – 90 days out gives both sides time to surface issues before fieldwork begins, not during it.
- Confirm your audit scope. Determine whether your plan qualifies for an ERISA 103(a)(3)(C) audit (formerly the limited scope audit) or requires a full-scope audit. This affects the certifications you’ll need from your custodian and the procedures your auditor will perform.
- Designate an internal audit liaison. Assign a single point of contact to coordinate between your auditor, third-party administrator (TPA), recordkeeper, and internal teams. Diffuse ownership is one of the most common causes of audit delays.
- Gather and organize plan documents. Your auditor will request these early. Assemble your adoption agreement, any plan amendments, the summary plan description (SPD), the IRS determination letter, and the trust agreement. If any of these have been updated during the plan year, make sure you have the current versions.
- Document related employer and entity information. If your organization has subsidiaries, common ownership structures, or multiple plan sponsors, gather documentation relevant to control group, affiliated service group, and qualified separate line of business (QSLOB) determinations. Auditors use this to assess whether eligibility and coverage testing was performed correctly across the full controlled group.
- Collect service provider contracts and fee schedules. This includes agreements with your recordkeeper, custodian, TPA, and investment advisors. Auditors review these to assess the reasonableness of fees and the scope of services.
- Obtain SOC 1 reports from your recordkeeper and custodian. A Type II SOC 1 report covers controls over a defined period and is what most auditors require. Confirm the report period aligns with your plan year; if there’s a gap, ask your service provider how they address it.
- Pull investment committee and board meeting minutes. These document plan governance decisions made during the year, including changes to investment options, service providers, or plan design. Auditors use them to understand the context behind transactions.
- Confirm fidelity bond coverage. ERISA requires a fidelity bond equal to at least 10% of plan assets, up to $500,000 (or $1,000,000 if the plan holds employer securities). Confirm your coverage is current and meets these thresholds.
Phase 2: Document preparation (30 – 60 days before fieldwork)
With scope confirmed and foundational records in hand, this phase shifts to the detailed financial and compliance documentation your auditor will test.
- Reconcile trust and custodian statements to your general ledger. This is one of the first things auditors check. Unexplained differences create immediate questions. Work through any discrepancies before fieldwork starts, not during it.
- Prepare or request the annual reporting package from your TPA. This should include contribution schedules, distribution reports, loan activity, and rollover detail. Review it for completeness and flag anything that looks inconsistent with your payroll records.
- Compile participant census data. Auditors test participant eligibility, vesting, and benefit calculations against census information. You’ll need hire dates, termination dates, compensation figures, and deferral elections organized by participant.
- Pull payroll records that support contribution calculations. Employee deferrals and employer contributions should tie back to payroll. Collect the pay period records that support the contribution schedules in your TPA reporting package.
- Gather compliance testing results. This includes results for ADP/ACP testing, top-heavy testing, 410(b) coverage testing, and 402(g) deferral limits. If any tests failed and corrections were required, document the correction methodology and timing.
- Draft Form 5500 and supporting schedules. Even if your TPA prepares the final filing, having a draft in hand before fieldwork allows your auditor to review it concurrently and flag any issues early.
- Request the certification letter from your custodian (if electing a 103(a)(3)(C) audit). This letter certifies the accuracy of the investment information the auditor will rely on in lieu of performing independent procedures. Confirm the format meets your auditor’s requirements.
Phase 3: During and after the audit
When fieldwork begins, preparation either pays off or catches up with you. This phase is about staying responsive, moving quickly, and closing the loop.
- Prepare for participant-level sample testing. Auditors select a sample of participants and test transactions at the individual level. Have enrollment forms, distribution paperwork, and loan documentation organized and accessible. Delays in producing sample support are a common source of audit extensions.
- Track and respond to auditor inquiries promptly. Designate someone to manage the auditor’s request list and set clear internal turnaround expectations. Slow responses extend the audit timeline and increase costs.
- Address findings and develop corrective action plans. If the audit surfaces deficiencies, work with your auditor to understand the root cause and develop a documented response. Regulators expect to see that management takes findings seriously.
- Finalize and file Form 5500 by the deadline. For calendar-year plans, the filing deadline is 31 July. A 2.5-month extension is available (pushing the deadline to 15 October), but it must be filed before the original due date. Missing the deadline triggers penalties that accrue daily.
Tips for a Streamlined EBP Audit Process
Beyond the checklist, a few habits make a meaningful difference in how audit season feels and how much time your team spends on it.
- Conduct a self-audit before your auditor arrives. Walk through your own documentation as if you were the auditor. Look for gaps, inconsistencies between sources, and anything that requires explanation. It’s far better to find these yourself.
- Build a recurring compliance calendar. EBP compliance isn’t a once-a-year event. Required participant notices, contribution remittance deadlines, and Form 5500 filing dates are predictable. A shared calendar with ownership assigned for each item keeps teams aligned year-round.
- Keep documentation organized throughout the year. The teams that struggle most at audit time are the ones that only organize documentation when the auditor asks for it. Maintaining a clean, organized repository year-round cuts preparation time significantly and reduces the risk of missing something.
- Use purpose-built software to reduce manual effort. The right platform – like Trullion’s Audit Suite – can centralize document management, automate reconciliation, and maintain a clear audit trail, so your team isn’t rebuilding support under pressure every year.
Preparation Is What Separates A Smooth Audit From A Stressful One
The teams that move through EBP audits most efficiently aren’t the ones working harder in the final weeks – they’re the ones who kept their documentation structured throughout the year.
Trullion was built by accounting and audit professionals who have sat on both sides of this process. They know what auditors look for, where documentation gaps typically surface, and what it takes to keep financial reporting clean and supportable year-round. That experience is reflected in how the platform works.
Accounting teams use Trullion to centralize source agreements, automate complex accounting workflows, and maintain a clear audit trail from underlying documentation to financial statement impact — so that when the auditor arrives, the support is already there. The platform doesn’t replace the judgment that EBP compliance requires. It structures the work around it, so that judgment is applied where it matters most.
The result is less time spent gathering support, fewer manual errors, and an audit process that reflects the rigor your plan deserves.
Ready to see how Trullion supports audit readiness? Book a demo.