If your organization offers a 401(k) retirement plan, you have a fiduciary responsibility to make sure the plan is compliant, transparent, and operating in the best interest of your employees. For employers with 120 or more eligible participants at the start of the plan year, a third-party audit by an Independent Qualified Public Accountant (IQPA) is not optional. But even if you’re not legally required to undergo an annual review, conducting a proactive 401(k) plan self-audit is a smart way to uncover issues before they result in penalties or employee complaints.
Let’s walk through six areas that are frequently overlooked during a 401(k) internal audit and how to catch these mistakes before the IRS or Department of Labor (DOL) does.
Your 401(k) plan must follow the terms outlined in its official plan document. That includes eligibility criteria, vesting schedules, distribution rules, loans, hardship withdrawals, and more. But here's the catch: many employers forget to update their documents when laws change or when they change payroll vendors or HR systems.
Self-Audit Tip:
✔ Check if your plan document reflects your current processes and the latest regulatory requirements.
✔ Compare your plan document to how your payroll and HR systems are actually operating.
When it comes to 401(k) participation, getting eligibility wrong, even by a few months, can lead to serious consequences. Under the SECURE Act and SECURE Act 2.0, long-term, part-time workers must be allowed to participate in your 401(k) plan if they meet specific service requirements.
Self-Audit Tip:
✔ Review how your time-tracking and payroll systems determine eligibility.
✔ Ensure you’re including part-time employees who have worked at least 500 hours in three consecutive years (starting in 2024).
✔ Beginning in 2025, the requirement changes to 500 hours in two consecutive years.
Need a smarter way to track hours and eligibility?
One of the most common 401(k) compliance issues is incorrect contributions, either due to manual payroll errors or integration failures between systems. Additionally, employee and employer contributions cannot exceed the limits defined by the IRS.
Self-Audit Tip:
✔ Confirm employee deferrals are correctly calculated and withheld from each paycheck.
✔ Verify employer match contributions align with your stated policy.
✔ Make sure these contributions are reflected accurately on pay stubs and W-2 forms.
Want fewer payroll mistakes? Our Payroll Software automates deductions, tax filings, and benefits contributions—seamlessly.
According to the DOL, employee deferrals must be deposited into the plan “as soon as administratively possible,” generally within 7 business days for small plans or no later than 15 business days after payday for larger plans. Many employers mistakenly think they have a full 15 days after the pay date, but the deadline is strict.
Self-Audit Tip:
✔ Review how quickly your payroll provider is remitting funds to your 401(k) custodian.
✔ Set up reminders or automated workflows to avoid delays.
Plan loans, hardship withdrawals, early distributions, and required minimum distributions (RMDs) each have specific rules under the IRS code. Errors in processing these can result in tax penalties for employees and liability for you.
Self-Audit Tip:
✔ Make sure only eligible participants are receiving distributions.
✔ Confirm that hardship withdrawals and early distributions have the correct income taxes withheld and any applicable early withdrawal penalties applied.
✔ Check that loans and withdrawals follow the plan document’s criteria.
From annual fee disclosures to automatic enrollment notifications, 401(k) plans come with multiple employee notice requirements. Missing even one required document can open you up to fines.
Self-Audit Tip:
✔ Confirm participants have received the Summary Plan Description (SPD), Summary Annual Report (SAR), and annual fee disclosures.
✔ Are special notices, such as the ones for automatic enrollment, required? What about employee consent?
Need help keeping up with required notices? Our HR Compliance Services can help you stay ahead.
If your plan is subject to annual nondiscrimination testing, make sure internal processes aren’t setting you up to fail. Coordinating with your third-party administrator and ensuring accurate census data is critical.
While a self-audit is valuable, 401(k) compliance is complex, and the consequences of mistakes are costly. Employers are encouraged to work with legal and financial professionals, especially when making plan changes or interpreting IRS guidance.
©2025 - Content on this blog is intended to provide helpful, general information. Because laws and regulations evolve, please consult an HR professional or legal expert for guidance specific to your situation.