A Clean Audit Is Not a Clean Bill of Health

A clean audit does not mean a retirement plan is well-designed, low-cost, or in participants' best interests. Many people hear that a 401(k) plan is "audited" and assume someone has carefully examined whether the plan itself is efficient, fair, and aligned with participants. That isn't what the audit is designed to do.

I recently reviewed the audit of the American Academy of Family Physicians 401(k) Plan, which holds about $95 million in assets. It's a good illustration of how most large ERISA plan audits actually work.

Under ERISA, many plans receive what's called a Section 103(a)(3)(C) audit. In this structure, the auditor verifies that the financial statements agree with the custodian's certification, but does not independently test the underlying investments. Testing would mean examining whether the fees embedded in those funds are reasonable, whether cheaper share classes were available, whether the lineup was selected free of provider conflicts, or whether the lineup is adequately diversified.

Think of it like a home inspector who verifies that the square footage in the listing matches the deed, but never walks through the house. The numbers agree. That tells you nothing about the condition of the property.
In this case, the plan's custodian and trustee certified the investment information, and the auditor wrote:

"Our audits did not extend to the certified investment information…"

But what it does disclose is revealing in its own right:

Administrative expenses may be paid by the employer or the plan, at the employer's discretion

Certain administrative expenses are paid through fees collected directly from the mutual funds

Some investments involve party-in-interest relationships with plan service providers, meaning institutions servicing the plan may also be connected to investment products inside it

None of this is unusual. And that's the point. A retirement plan can receive a clean audit opinion even if it:

embeds compensation inside investment expenses
shifts administrative costs onto participant accounts
includes conflicted provider relationships

That's because the audit is designed to answer a different question. The audit asks whether the financial statements are presented correctly under ERISA reporting and accounting rules. It does not ask:

Are the plan's fees reasonable?
Is service provider compensation reasonable compared to similar plans — and reasonable given the services actually provided?
Are service provider incentives aligned with participants?
Are participants paying costs the employer could easily pay?
Is the investment lineup designed as efficiently as possible?

Those are fiduciary questions, not audit questions.

A clean audit tells us the numbers were reported correctly. The harder question — and the one the audit does not answer — is whether the retirement plan itself is structured in the best interests of the people whose savings are in it.