Secrets to Passing an ERISA Audit


ERISA, which stands for the Employee Retirement Income Security Act, regulates employer-sponsored group benefits. Nearly every employer, regardless of their size, is subject to ERISA if they offer even one employer-provided group benefit such as health, dental, vision, accidental death & dismemberment, disability, or group term life insurance; medical flexible spending account or health reimbursement account; wellness and employee assistance program; or any other benefit for which the employer contributes to the cost. The only exempt employers are churches and government entities.

Besides requiring certain plan features, the law also mandates detailed reporting requirements to the Department of Labor and other government agencies and employees and covered members under your policies. While ERISA was first enacted in 1974, recent changes under the Patient Protection and Affordable Care Act (PPACA) have added additional requirements and changed reporting deadlines.


If you offer any of the health mentioned above and welfare benefits, you must meet specific requirements, specifications, and deadlines for plan documents under ERISA as well as under PPACA.

The key ERISA and PPACA provisions are listed here, and details of each follow:

• distribute a written plan document and Summary Plan Description (SPD) for every health and welfare benefit and any voluntary benefit pre-taxed under a 125 plan to all plan participants, including spouses and COBRA enrollees,

• distribute ERISA benefit notices to all eligible employees on enrollment and re-enrollment of your health plan,

• notify participants of any change to a plan that materially affects the design or pricing,

• file Form 5500 and all applicable schedules within seven months after the plan year ends for each plan that has more than 100 participants (not just employees) on the first day of the plan year,

• meet all fiduciary standards and plan terms,

• establish a trust fund that holds the plan’s assets, if applicable,

• establish a recordkeeping system to track contributions, benefit payments, maintain participant and beneficiary information, and prepare to report documents,

• provide a summary of benefits and a coverage explanation (SBC) and documentation of how and when it was distributed each year,

• verify fiduciary bonding needs for individuals handling funds and other property of employee benefit plans like a 401(k) plan, if applicable.

The deadline for each requirement varies, depending on when your plan was enacted, whether it is grandfathered under PPACA, whether material changes have been made, and other exceptions. Copies of certain plan documents must also be available to participants and beneficiaries on written request.


An employer must have a written Summary Plan Description (SPD) for each separate welfare benefit plan, informing participants of eligibility requirements, benefits, claims and appeals procedures, and rights under ERISA. Your insurers may provide some but not all information required for SPD compliance. It is a common mistake by employers to think the summary insurance information they receive from their insurance provider meets the SPD requirements.

A common approach combines all SPDs into one overall SPD Wrap notice, tying in the required ERISA language and simplifying the SPD notice process. A customized SPD Wrap must include the name of the plan, plan sponsor, plan administrator, plan year, employer tax identification number, type of welfare plan, type of administration, a summary of the benefits, detailed description of plan benefits for group health plans, provider network availability for group health plans, procedures for Qualified Medical Child Support Orders (QMCCOS), COBRA rights, plan contributions, and claims procedures. A Statement of ERISA Rights is also required.

The SPD and Wrap must be distributed to newly-enrolled participants within 90 days of coverage starting or within 120 days of a new plan being established.


All eligible employees must receive ERISA Benefit Notices upon enrollment and re-enrollment of your health plan.

Depending on company size and other criteria, you may be required to provide employees with the following employee notifications:

• Medicare Part D Notice

• CHIP (if applicable in your state)

• Wellness Program Disclosure

• Women’s Health & Cancer Rights

• Hospital Stay Rights for Childbirth

• Mental Health & Parity Act

• HIPAA Notice

• Disclosure of Grandfather Status

• COBRA Rights – Initial Notice

In the event of certain Qualifying Events, additional required notices may include:

• COBRA Qualifying Event Letter

• HIPAA Breach Notice

• Medical Child Support Order Notice (MCSO)

• National Medical Support Notice (NMS)


ERISA further requires employers with 100 or more participants to annually report certain information to the DOL on Form 5500.

Form 5500 returns ask for information about the plan, including plan name, plan year, plan sponsor, plan number, participants, insurance costs, and financial data. Employers who set up an SPD Wrap can file one 5500 reports for the SPD Wrap covering all health and welfare plans.

Once a Form 5500 is completed and filed, you must prepare a Summary Annual Report (SAR) for each of your welfare benefit plans subject to ERISA reporting, or just one if done under an SPD Wrap. The SAR summarizes Form 5500 information and notifies participants Form 5500 has been filed, and a copy is available to those who request a copy. SARs must be distributed to covered participants within nine months after the end of the plan year. A SAR is not required for plans that are not required to file a Form 5500.


The Department of Labor’s Employee Benefits Services Administration (EBSA) routinely conducts audits of group health benefit plans to investigate or audit the plan’s compliance. In addition, the Health Benefits Security Project (HBSP) was recently established under PPACA to add to EBSA’s compliance and enforcement initiatives. It has been reported that smaller groups of fewer than 100 are mainly targeted since the DOL cannot monitor them through a Form 5500 filing. Audits are anticipated to increase significantly, given increased audit budgets and concerns over ERISA and PPACA violations.

If your company is selected for a DOL audit, a letter will be sent to the Plan Sponsor containing the list of documents the DOL would like to review. The request for information typically goes back three to six years.


Every audit is unique. However, reported trends show the following are specific areas of concern in recent audits:

• Summary Plan Descriptions

• HIPAA compliance particularly notices to employees about special enrollment rights

• PPACA Grandfathered Plan notices and documentation of coverage for adult children

• PPACA lifetime and annual limit requirements

• inadvertently excluding people who may be eligible to participate in the plan, including dependents up to age 2


• the Department’s internal audit initiatives

• employee complaints

• press tips and public visibility of a company or its third-party vendors

• the Department’s Memorandum of Understanding with the IRS

• form 5500 filings inconsistencies or suspect information

• an audit of a plan’s auditor (if 100+ group)

• randomly selected

In the future, DOL audits will also likely focus on:

• employer communications and documentation

• employer reporting requirements

• coverage of essential health benefits, cost-sharing, and out-of-pocket limits for applicable plans

• annual limits, on non-essential health benefits only

• structure of group health benefit plans and offers of coverage

• waiting period limitation of 90 days

• exchange notice documents

• adherence to PPACA requirements

The employer is solely responsible for ERISA compliance. Penalties may be enforced for failure to comply with ERISA regulations, including DOL enforcement actions and penalties, as well as employee lawsuits. Certain infractions can entail up to a $100/day penalty for every employee affected by a violation until the violation is corrected. The penalty for late delivery of SPD or Wrap can be as much as $110/day per plan. Late filing of form 5500 can result in fines as high as $1,100 per day.

The DOL estimate that three out of four plans they audit have an ERISA violation, and about 70 percent of audits with violation have resulted in monetary fines to the employer.


Knowledge and familiarity of compliance requirements, complete documentation, and policies that show reasonable faith efforts to comply are the best way to be prepared for an audit (as well as to avoid one in the first place).

Below is a summary of the items you should have in place to ensure ERISA compliance.

• ERISA & PPACA requirements mentioned above

• Written ERISA plan document

• SPDs or the combined SPD Wrap prepared and distributed to all plan participants within 90 days of the first day of coverage

• Summary of Material Modification (SMM) for any amendments such as carrier change, eligibility change, benefit structure change, etc. to your plans

• Form 5500 and SAR filed annually (only if you have over 100 enrolled participants in any benefit)

An organized employer with meticulous records who has a health insurance broker who helps review all of the company’s compliance materials annually will be in much better shape if faced with a DOL audit than an employer who isn’t prepared.

By Rhonda Hollier, HR Coach, HR Service, Inc.

NAHU Webcasts: