How to prepare for (and potentially prevent) a retirement plan audit


As with any unknown that lies ahead, it is always best to prepare for an audit prior to its arrival. Although the audit selection process is sometimes random, the IRS also analyzes organization and employee data that may indicate a retirement plan sponsor is out of compliance.

How does the IRS select which retirement plans and plan sponsors to audit?

In addition to random selection, a 403(b) plan sponsor may be selected for an audit in the following ways:

  • Joint examinations of employer plans by the IRS with the Exempt Organization business unit.
  • As a result of improper Form W-2 reporting by an employer.
    Since 403(b) church plans are not required to submit a Form 5500, as is required by ERISA plans, the IRS looks at the employer’s Form W-2 instead.
  • Lack of employer response to a compliance check letter from the IRS’ Employee Plans Compliance Unit (EPCU).

This is a simple way for the IRS to identify an employer for audit. Conversely, a simple way for an employer to potentially prevent an audit is by timely response to the EPCU compliance check request.

What is the EPCU?

The IRS’ EPCU conducts compliance checks rather than audits. Compliance checks are used to determine whether retirement plan recordkeeping and reporting requirements are being met, and usually do not involve examination of plan records and data. Typically, the EPCU will identify common non-compliance issues from field auditors, which may then lead to a compliance check by the EPCU. As of October 2020, the EPCU has conducted more than 51,000 compliance checks1.

If your employer gets contacted by the EPCU, the employer should follow their instructions. You are not under audit just yet.

What is the typical EPCU process?

The IRS’ EPCU initially contacts employers with a mailed letter and a questionnaire. Employers should answer the questionnaire and return it to the EPCU within the requested time frame. Employers should review the information carefully to understand the deadlines involved, as it can often be a short turnaround.

The initial compliance check letter does not require documentation; however, the employer has the option to submit documentation to support questionnaire answers. Employers shouldn’t send an overwhelming amount of documentation, but if there is a simple document that validates or clarifies an answer, by all means, include it.

The most important step in this process is responding in a timely manner to the questionnaire. If your employer does not answer, the IRS will not just forget about you — they will be contacting you again. Usually, if an employer does not respond to the first questionnaire, the EPCU will send a follow-up letter about two months later with a 15-day deadline to respond. It is imperative that you respond within the given time frame. Failing to respond to a compliance check letter from the EPCU is one of the easiest ways to flag your organization for audit.

What does the IRS do with EPCU information?

The IRS will review your employer’s returned questionnaire and either issue a closing letter or a letter with items that need further review. The closing letter is the letter that elicits that big exhale of relief — no further action needed. If you receive a letter requesting items to review, this still doesn’t mean you have entered the formal audit process. However, it does mean that it is time to provide a judicious amount of additional detail when using documentation as justification for answers. Plan errors identified during a compliance check can often be corrected using the IRS’ voluntary correction program.

What retirement plan records should plan sponsors have available?

As an employer sponsoring a retirement plan, you are required by law to keep your books and records available for review by the IRS. Having these records will also facilitate answering questions when determining participants’ benefits.

As a plan sponsor, you should maintain the following retirement plan information:

  • A list of all retirement plans sponsored, both qualified and nonqualified
  • Plan documentation, including employment contracts sponsored during the years of examination
  • The basic plan and trust documents
  • Plan adoption and participation agreements
  • Plan and adoption agreement amendments
  • Service agreements
  • Information sharing agreements (if applicable)
  • Payroll records (copies of Form W-2, hours worked, etc.)
  • Enrollment forms
  • Salary Reduction Agreements (Retirement Contribution Agreements at GuideStone)
  • Internal policies and procedures regarding retirement plan operation and administration
  • Minutes from plan administrative and investment committees (if applicable)
  • Copies of past retirement plan nondiscrimination testing reports (if applicable)
  • Retirement plan notices (if applicable, e.g., Effective Opportunity Notices, Automatic Enrollment Notices, etc.)
  • Trust records, including investment statements and income statements
  • Participant records (e.g., census data, account balances, contributions and earnings, loan documents, compensation data, participant statements, participant notices, substantiation for hardship distributions, etc.)
  • Other records specific to your retirement plan

You should keep retirement plan records until the trust has paid all benefits and enough time has passed that the plan will not be audited. Retirement plans are designed to be long-term programs for participants to accumulate and receive benefits at retirement. As a result, plan records may cover many years of transactions.

The Internal Revenue Code and Income Tax Regulations, as well as the Employee Retirement Income Security Act of 1974, as amended (ERISA), require plan sponsors to keep records of these transactions because they may become material in determining participant benefit amounts. Although church plans are not subject to ERISA, GuideStone® recommends that you administer and operate these plans using ERISA requirements as a best practice.

You are required to provide complete, accurate records in either paper or electronic format if the IRS requests them during an audit.

Revenue Procedure 98-25 lists the basic requirements for recordkeeping when a taxpayer maintains their records in an automatic data processing system.

Audits are a reality of doing business; however, an audit may be less burdensome if an employer is prepared. If a retirement plan is audited, your preparation may reduce the stress — and the potential cost — for your organization.

Have you already entered the audit process? Learn how to handle an audit.

As always, feel free to contact your relationship manager to access GuideStone’s resources as well as additional information regarding IRS retirement plan audits.


This information should not be considered tax or legal advice. GuideStone stands ready to assist your organization as you work with your legal and tax advisors by providing resources that you and your advisor may find beneficial.

Related Articles
See All