Managing a 401(k) plan requires consistent oversight. Plan sponsors must follow Department of Labor (DOL) and IRS rules, maintain documentation, and monitor internal processes so the plan operates according to its written terms. When gaps appear, fiduciary risk increases for both the organization and plan participants.
What Is 401(k) Compliance?
401(k) compliance means operating a retirement plan in accordance with ERISA, IRS tax-qualification rules, and the plan’s written document. Plan sponsors must follow eligibility restrictions, contribution limits, plan changes, reporting requirements, and fiduciary duties throughout the year.
Key 401(k) Compliance Requirements
401(k) compliance requirements focus on making sure the plan operates according to its written document and applicable ERISA rules. Plan sponsors must also deposit employee contributions on time, apply IRS contribution limits and nondiscrimination testing correctly, file Form 5500 accurately, and maintain documentation that demonstrates proper fiduciary oversight.
What 401(k) Compliance Means for Plan Sponsors
Plan sponsors are responsible for:
- Operating the plan according to its written document
- Depositing employee contributions on time
- Following eligibility and vesting rules
- Applying contribution limits correctly
- Filing Form 5500 accurately and on time
- Maintaining proper documentation
Plan sponsors act as fiduciaries under ERISA and must monitor service providers, review plan fees, document oversight decisions, and protect participant data and assets. The DOL outlines ERISA fiduciary responsibilities in its guidance.
Operational errors can escalate quickly if not corrected.
When Does a 401(k) Plan Require an Audit?
Although this guide focuses on compliance responsibilities, many sponsors eventually encounter audit requirements as their plan grows.
Once a 401(k) plan qualifies as a “large plan” for Form 5500 reporting, it must obtain an independent audit. That classification depends on the participant count at the beginning of the plan year.
Reaching audit status does not change compliance responsibilities, but it increases scrutiny. Contribution timing, eligibility tracking, internal controls, and documentation become subject to independent testing.
Because participant counting rules and transition provisions affect filing status, sponsors should confirm their classification carefully.
To learn how the 100-participant threshold, the 80–120 transition rule, and participant counts affect Form 5500 audit requirements, see our guide When Is an Employee Benefit Plan Audit Required?
401(k) Contribution Limits and Legislative Updates
The IRS adjusts contribution limits regularly to reflect inflation. When that happens, sponsors should check payroll systems and test calculations. That keeps employee and employer contributions within the allowed limits.
Recent legislation has also reshaped several aspects of 401(k) administration. The SECURE Act and SECURE 2.0 introduced requirements affecting automatic enrollment for certain plans, expanded eligibility for long-term part-time employees, and revised rules tied to catch-up contributions and required minimum distributions. In practice, implementing these changes often requires coordination among payroll teams, recordkeepers, and plan administrators so operational processes and plan documentation remain aligned.
For additional detail on these provisions and their implementation timelines, see our SECURE Act & SECURE 2.0 Implementation Guide.
Plan Amendments and Required Updates
The IRS provides a Required Amendments List identifying provisions retirement plans must adopt within specific timeframes. Most plan sponsors keep an eye on those updates alongside discretionary and interim amendments, so important changes aren’t missed.
When amendment deadlines slip, compliance risk tends to increase. Plan operations should still line up with the written plan document. If the plan begins following updated rules before the document is formally amended, that gap can show up during an audit or regulatory review.
Forfeitures and Employer Contributions
Forfeitures occur when participants leave before fully vesting in employer contributions. Plans may apply forfeitures to reduce employer contributions, pay plan expenses, or allocate additional contributions to participants.
IRS regulations governing qualified plans and forfeiture treatment are outlined in the IRS 401(k) plan overview. Improper handling of forfeitures has become a focus area in some audits. Clear documentation and consistent allocation methods help prevent issues.
Correcting 401(k) Operational Errors
Even well-managed plans encounter mistakes. The IRS and DOL provide correction programs that allow sponsors to address operational failures, late deposits, missed eligibility, and other issues before they escalate.
For a detailed explanation of available correction pathways — including IRS self-correction options and DOL voluntary programs — see our Correction Programs Guide for Retirement Plan Sponsors.
Prompt action typically reduces penalties and demonstrates good-faith compliance.
Common 401(k) Audit Findings
During benefit plan audits, certain issues appear more often than others. Auditors regularly encounter problems such as:
- Late remittance of employee deferrals
- Incorrect employer match calculations
- Misapplication of eligibility rules
- Missing or incomplete loan documentation
- Improper hardship withdrawals
- Gaps in internal control documentation
These issues often trace back to payroll changes, staff turnover, or simple miscommunication between service providers. Regular compliance reviews can catch many of them before an audit begins.
Key Compliance Red Flags for Plan Sponsors
Certain situations increase compliance risk or audit scrutiny.
- Participant count approaching 100
- Rapid workforce growth
- Payroll or recordkeeper transitions
- Uncorrected operational errors
- Missed amendment deadlines
- High turnover in HR or finance teams
- Delayed contribution deposits
When these issues start appearing, it’s usually a good time to review your compliance processes. Early attention often prevents bigger audit problems later.
Preparing for a 401(k) Plan Audit
Preparation makes audits smoother and more predictable.
Sponsors should begin by gathering key documentation, including plan documents and amendments, summary plan descriptions, payroll records, contribution remittance reports, participant census data, and loan documentation.
Sponsors should also review oversight materials from service providers, such as SOC 1 reports from recordkeepers or third-party administrators, and make sure cybersecurity practices align with DOL guidance on plan data protection.
Find out who your auditor’s main contacts are and confirm timelines well before filing deadlines. Early communication between payroll providers, TPAs, recordkeepers, and finance teams helps avoid delays and missing paperwork during the audit process.
For a broader overview of audit timelines and documentation expectations, see our Employee Benefit Plan Audit Services page.
401(k) Compliance Checklist
Even well-managed plans can develop compliance gaps over time — especially as workforce size, payroll systems, or legislation change.
Before focusing on audit preparation, conduct a structured compliance review using our 401(k) Compliance Checklist for Plan Sponsors.
A routine compliance review strengthens fiduciary oversight and reduces exposure long before an audit begins.
Maintaining Ongoing 401(k) Compliance
401(k) compliance requirements change as legislation evolves and organizations grow. Plan sponsors approaching audit thresholds or experiencing operational changes often benefit from reviewing their compliance processes before filing deadlines approach.
For plan-specific audit guidance, visit our Employee Benefit Plan Audit Services page.
Frequently Asked Questions About 401(k) Compliance and Audits
When is a 401(k) audit required?
A 401(k) plan generally becomes subject to an independent audit once it is classified as a “large plan” for Form 5500 reporting purposes. This classification is based on participant counts at the beginning of the plan year.
For a detailed explanation of the 100-participant threshold and related transition rules, see our guide on when an employee benefit plan audit is required.
What are the most common 401(k) compliance mistakes?
Common operational errors include:
- Late remittance of employee deferrals
- Incorrect employer match calculations
- Failure to enroll eligible employees
- Hardship distribution documentation gaps
- Missed plan amendments
Most compliance issues develop gradually. Regular internal reviews reduce the likelihood of regulator inquiries.
What happens if a 401(k) compliance error is discovered?
Many operational failures can be corrected through IRS and DOL correction programs, depending on the type and timing of the issue. Prompt correction typically limits penalties and preserves plan qualification.
For more details, review our Correction Programs Guide for Retirement Plan Sponsors.
How often should plan sponsors review 401(k) compliance processes?
Best practice is to review key compliance controls at least annually, and whenever payroll systems change, recordkeepers transition, the workforce grows, or new legislation takes effect.
Compliance oversight should be continuous, not reactive.
Does filing Form 5500 ensure a plan is compliant?
No. Form 5500 is a reporting requirement. True compliance depends on whether the plan is being operated according to its written terms and applicable ERISA and IRS rules throughout the year.
Filing accuracy reflects compliance — it does not replace it.
What internal controls matter most for 401(k) compliance?
Effective internal controls often start with clear payroll-to-plan reconciliation and reliable eligibility tracking, so contributions are calculated and deposited correctly. Many plan sponsors also keep an amendment calendar and document fiduciary committee oversight. Monitoring contribution timing matters too, since delays in employee deferral deposits remain one of the most common audit findings.
When these processes are consistent, operational errors and audit issues tend to decrease.






