If your company offers a 401(k) plan, it might feel like everything is in good shape. You’ve partnered with a reputable custodian, a reputable plan administrator, deductions are on schedule, and your employees are contributing. But what many growing businesses don’t realize is that once your plan reaches a certain size, federal law requires you to complete an independent audit. Ignoring this requirement can lead to steep penalties and regulatory scrutiny.
Many CFOs and business owners are caught off guard when they discover their plan is already past the threshold. The eligibility rules are not always straightforward, especially if your company has experienced recent growth.
This guide outlines what is a 401(k) audit, when is it required, the penalties you may incur if a required audit does not occur, and what to do if you’re unsure about your company’s obligations.
What Is a 401(k) Audit?
A 401(k) audit is a formal review of your retirement plan conducted by an independent CPA.
During the audit, the CPA will, among other items, evaluate plan documents, financial data, payroll data, and participant records.
The goal of the audit is to obtain reasonable assurance that your plan is operating correctly and complies with federal regulations, including the Employee Retirement Income Security Act (ERISA), Department of Labor rules, and IRS guidelines.
While the word “audit” can sound intimidating, the process is designed to promote transparency and ensure your plan is in good standing.
When Is a 401(k) Audit Required?
When Is a 401(k) Audit Required?
A 401(k) audit is mandatory when your plan has 100 or more participants with account balances as of the beginning of the plan year, if you have filed as a “large plan” in the prior year. That specific timing matters. Eligibility is calculated based on participants with account balances as of the start of the year, not just an average or peak participants with account balances.
Even if your current employee headcount is below 100, you may hit the audit requirement due to former employees who still have a balance in the plan.
If your count meets or exceeds 100 (and you filed as a “large plan”), you are required to submit an audit report along with your Form 5500. Missing this deadline can result in significant fines and a higher risk of investigation.
If you’re approaching the 100-participant mark, ask your plan administrator or recordkeeper for a detailed report at the beginning of the year. That data is your starting point for determining if an audit is required. DHJJ or your plan administrator may be able to assist you in analyzing if your Plan allows for certain former employees to be removed from the plan, to keep your participant account balances below 100.
Are There Exceptions to the First-Time Audit Requirement?
Yes, and if your participant count is hovering near the 100-participant threshold, it’s worth understanding the two most common exceptions that may help you avoid an audit, at least temporarily.
1. The 80-120 Participant Rule
This is one of the most helpful provisions for growing businesses. If your plan has between 80 and 120 participants , you may generally continue to file as a “small plan” if you were classified as a “small plan” in the previous year. “Small plans” do not require the financial statement audit. This exception is known as the 80-120 Participant Rule, and it’s built into the Form 5500 instructions.
For example, if you filed as a “small plan” in 2023 and have 115 participants in 2024, you may continue to file as a “small plan” in 2024, thereby not requiring the financial statement audit. Once you’ve reached 120 participants, you must file as a “large plan” and complete a financial statement audit. The financial statement audit requirement remains until your participant count drops below 100.
2. The Short Plan Year Rule
Another exception applies when your plan has a short plan year, defined as seven months or less. If your current or prior plan year was shortened (for example, due to a plan year-end change), you may be able to defer the audit requirement for that short period.
For example, your fiscal year changed from June 30 to December 31, resulting in a short year ending December 31, 2024. The audit for that short period may be deferred and included with the audit for the full 2025 plan year instead.
Both exceptions are valid under the Department of Labor’s reporting rules and can help you avoid rushing into a first-time audit unprepared.
What Happens If You Don’t File a Required Audit?
Failing to file a required 401(k) audit is more than a compliance oversight. It can quickly become a costly problem.
If you submit your Form 5500 without the required audit report, the Department of Labor may reject it outright. That can lead to late filing penalties that often exceed $2,500 per day, and those fines may be applied by both the DOL and the IRS.
Noncompliance can also increase the likelihood of a plan audit by either the DOL or the IRS, with the ultimate risk of the plan losing its tax-exempt status. That creates a significant tax burden for both your business and your employees.
How Much Does a 401(k) Audit Cost?
Costs vary depending on the size of your plan and the complexity of your business. For companies with 100 to 150 participants, most audits fall in the range of $10,000 to $15,000. If your business has multiple locations, separate payroll systems, or other complexities, there may be additional cost considerations.
Some firms offer flat-fee pricing, while others charge based on hours or scope. Make sure you know what is included in the audit fee. Ask whether it covers coordination with your TPA, assistance with the Form 5500, and post-audit follow-up.
Choosing a firm based on price alone can be risky. You need someone with deep knowledge of ERISA law and experience working with businesses like yours.
Who Performs 401(k) Audits?
A 401(k) audit must be completed by an independent CPA. But not every CPA has the background to do this well.
Look for a firm with a strong track record in ERISA audits and retirement plan compliance. Your auditor should be familiar with how plans operate, including eligibility tracking, contribution rules, and potential plan document errors.
The right auditor will not just review your records. They will ask questions, identify risks, and make sure your plan is operating as it should. In many cases, they can help you correct issues before they become problems with regulators.
Not Sure Where Your Company Stands?
If your business is approaching 100 employees, or if your 401(k) plan has grown due to recent hiring or an acquisition, it’s time to take a closer look.
Start by requesting a participant count from your recordkeeper. Review your plan’s eligibility rules and identify how they apply to your current and former employees.
If you still have questions, connect with a CPA who specializes in 401(k) audits. A short consultation now can prevent a major compliance issue later.
What’s Next If You Think You Might Need a 401(k) Audit?
Understanding when a 401(k) audit is required is an important part of managing your retirement plan and your business. It reflects your company’s operational health, protects your employees, and reduces risk with regulators.
At the end of the day, confusion around retirement plan compliance is extremely common, especially for growing businesses. If you’re nearing 100 employees or already over that line, the time to take action is now. You’ve been empowered with the knowledge to avoid penalties, stay compliant, and make informed decisions about your plan.
Your next step is to speak with your third-party administrator or a CPA experienced in retirement plan audits.
At DHJJ, we work with growth-focused companies that are navigating increasing complexity. If you are unsure about your plan’s audit requirements, we are happy to help you evaluate your situation and take the right next steps.
You don’t have to navigate this alone. Let’s make sure your plan is audit-ready, so you can stay focused on growth.
