It is not reasonable for each enterprise to develop their own post quantum solutions, but there are planning steps that can be taken. Enterprises will continue to rely on major hardware and software vendors for new solutions, but enterprises cannot just wait for solutions to become available. The vendors relied upon for operating systems, security devices, software, and other technology resources will undoubtedly play a huge role, but enterprises need to be preparing for how those changes will be implemented in their individual environments. Many vendors are touting quantum safe solutions, but if those solutions do not operate with the rest of an enterprise’s system, they provide little to no value. At this point, every enterprise should be identifying and inventorying their systems, assessing the potential impact on each system, and planning for alternatives and updates.

Public Certificates

Some of the first impacts will likely be seen related to digital certificates purchased from publicly trusted certification authorities (CAs). These certificates are most used for transportation layer security (TLS) connections, and are most common between an enterprise’s website and customers. They are also used to sign software code that will be delivered to customers and trusted by the customer’s operating systems, and to enable secure email through secure/multipurpose internet mail extension (S/MIME). The basis for these certificates is to establish trust between an organization and external parties.

Since that external party can be either known or unknown, these certificates must be trusted publicly and therefore come under a high level of industry regulations and scrutiny. The public CAs that offer these certificates and the web browsers and software designers that trust these certificates are monitoring developments closely. They will likely be some of the first parties to push regulations. New regulations must be tempered and not be rolled out so fast they break all the connections they are attempting to secure.

Public CAs are performing a lot of the planning for post quantum changes, but enterprises need to be prepared for their role in the process. The webservers operated by enterprises are responsible for generating keys used for authenticating the website and encrypting the traffic. Enterprises need to inventory all webservers, email systems and other systems that interface with public certificates. The algorithms accepted by these systems need to be inventoried to allow the enterprise to track when updates are required based on new algorithms being put in place. Updates will likely need to be deployed quickly to minimize downtime. Systems that are not supported for updates will likely need to be replaced.

Separate from quantum computing, public certificates are expected to see their lifecycles shortened significantly in the next few years. This is especially true for TLS certificates. Inventorying these systems and developing automated tooling to manage the certificate lifecycle will help enterprises be better prepared for whatever changes come their way.

Internal Systems

Internal systems impacted by vulnerabilities from quantum computing are more difficult, because they are likely greater in number and will not benefit from direct support from public CAs. Enterprises systems that will become vulnerable can include VPN connections to remote devices, single sign on tooling, and database encrypting software, just to name a few. These systems can also include physical security devices, such as badge readers and security cameras. While these systems are not always externally facing, they are a critical part of the enterprise’s defense in depth approach to cybersecurity. Enterprises should start with inventorying all systems that utilize encryption or authentication mechanisms, especially focused on those with key pairs and shared secrets.

Just as with systems that utilize public certificates, internal systems will need to be updated to utilize new algorithms in a post quantum environment. Assessing the risk involved with each system will help enterprises prioritize the criticality of updates. Dataflow diagrams will help enterprises determine systems that interact with each other. System to system authentication is often overlooked, but are critical to operations. Data flows between different systems within an enterprise will likely be impacted by updating required algorithms and could break connections. Enterprises need to consider risks related to security and availability when evaluating systems. Some systems might be behind enough layers of security and not critical for immediate updates. These systems also might not support updates as easily.

Most enterprises are not at the stage to test new quantum computing safe algorithms and developing corresponding hardware and software. As always, vendors will play a significant role in the process of preparing for a post quantum time. Maintaining an inventory of vendors and the points of reliance will be critical to an enterprise’s strategy. Major vendors that provide operating systems, significant security systems, and cloud providers, are likely top of mind, but enterprises will need to dig deeper. Consider backup vendors that encrypt files, copiers and printers, and hardware vendors. Hardware that is not configured to support new algorithms could bring operations to a grinding halt. Hardware has integrated features for disk encryption and boot processes. These systems will likely not be easily updated for new algorithms, because keys can be burned into the chips.

Once an enterprise completes a full inventory and the risk to each system has been assessed, an enterprise will need to evaluate the strategy to address each system. Vendor supplied patches might be an easy solution, but will need to be applied as connecting systems are made compatible. Internally developed systems might require custom updates, and some systems might need to be replaced. For those systems that cannot be updated, consider looking to a vendor that can supply supplemental systems to add post quantum support to legacy systems. These solutions will become more popular as some enterprises determine which systems are inflexible, for the time being.

After inventorying systems and assessing risk, enterprises should begin developing and testing plans to move to quantum safe algorithms, also known as post quantum cryptography (PQC). The National Institute of Standards and Technology (NIST) has laid a lot of groundwork and narrowed the list of recommended PQC algorithms to a few promising options. While the list is still being scrutinized, enterprises can begin testing methods to change key pairs and deploy updates in an efficient manner. It is still unknown the exact changes we will need to make to be prepared for a post quantum world, but understanding what systems require changes and testing process to make those changes will put every organization in the best position to respond quickly.

Hybrid certificates, which have both current key pair, such as RSA keys, and PQC keys, are gaining popularity as a transition tool. These certificates allow for multiple signature algorithms. This allows enterprises to still rely on traditional algorithms, while testing quantum safe algorithms. These certificates might allow organizations to test their readiness while not taking down systems in the process. This will also allow for testing various PQC algorithms while the industry is still evaluating various options.

Conclusion

The two biggest takeaways in preparing for PQC are know your enterprise and remain flexible. All Enterprises should consider a three-step approach to knowing its environment. They should identify/inventory, assess risk, and plan for remediation of the assessed risks. The identify and inventory process should not be taken lightly, because it will lay the groundwork for preparing the enterprise. There are several organizations looking to sell quantum safe solutions, but if those do not function within your enterprise profile, it could make for a long and expensive process. Make sure you work to understand your entire organization before implementing changes.

In December 2023 a significant vulnerability was discovered in a leading quantum safe suite algorithm, CRYSTALS-Kyber (Cryptographic Suite for Algebraic Lattices). This vulnerability does not impact the underlying encryption math, but rather the implementation. This is a good example of why an enterprise needs to remain flexible. Developing new technology will be bumpy, and new patches and fixes will be required frequently. The ability to flex between multiple algorithms and implementations will allow an enterprise to adapt to the quickly changing environment.

Written by Tim Crawford. Copyright © 2024 BDO USA, P.C. All rights reserved. www.bdo.com

The full list can be found here.

In addition to understanding the far-reaching implications that could help avoid missteps with LTPT employee eligibility and revised participant headcounts, we will explore how to correct any missteps that have already occurred.

New eligibility opportunities for long-term, part-time employees

Prior to the SECURE Act of 2019 and SECURE 2.0 Act of 2022 (collectively SECURE), employers could exclude employees from their tax-qualified defined contribution plans based on the number of hours they worked per year. Typically, this meant that part-time employees were ineligible to contribute to their employer’s retirement plan — no matter how many years they had worked for their employer. An IRS Employee Plans Newsletter issued on January 26, 2024, defined LTPT employees as workers who have worked at least 500 hours per year in three consecutive years, although the consecutive year condition will be reduced to two years in 2025.

SECURE expanded LTPT employee access to employer retirement plans by requiring 401(k) plans to allow employees that meet the LTPT requirements to make elective deferrals starting with the first plan year beginning on or after January 1, 2024. Employers are not required to make employer contributions for LTPT employees.

However, the burden of identifying, notifying, and enrolling these newly eligible LTPT employees falls on the employers. Failing to inform LTPT employees of their eligibility as of January 1, 2024, may have resulted in non-compliance. To rectify any compliance issues, employers can consider using the IRS amnesty program known as the Employee Plans Compliance Resolution System (EPCRS).

It is essential to understand this new requirement because LTPT employee eligibility may affect two other administrative functions for plan sponsors: Form 5500 filing and the annual employee benefit plan audit requirement.

A key change when counting participants for Form 5500

Prior to 2023, IRS Form 5500 — an essential part of ERISA’s reporting and disclosure framework — required defined contribution retirement plan sponsors to include employees who were eligible to make elective deferrals on the first day of the plan year. In most organizations, LTPT employees would be excluded from this headcount unless the employer’s plan allowed them to make contributions to the retirement plan.

Now, employers need only include participants with an account balance in the defined contribution retirement plan as of the first day of the plan year (but, for new plans, the participant account balance count is determined as of the last day of the first plan year). This may sound like a simple change, but the potential increase in participants who are LTPT employees complicates the matter.

The impact on a plan’s audit requirement

An organization’s obligation to have an annual audit of its retirement plan is dependent on the number of plan participants as of the first day of the plan year.

Beginning with the 2023 plan year, defined contribution plans that have more than 100 participant accounts as of the first day of the 2023 plan year generally must have an annual independent audit. Before 2023, all plan participants who were eligible to make salary deferrals were included in headcounts as participants even if they had not made any plan contributions. The DOL changed the rules starting in 2023 to include only those with account balances as participants. Keep in mind that the number of participants can be decreased by taking advantage of rules that allow distributions of small account balances (accounts valued at less than $7,000 starting in 2024) to former participants, if the defined contribution plan adopted these provisions.

The audit requirement of plans with 100 or more employees may change since employees without account balances are no longer counted. An organization may find that the defined contribution plan no longer requires an audit if eligible employees have not contributed to the 401(k) plan, but the audit requirement may be triggered when previously excluded LTPT employees begin to make elective deferrals.
Navigating the new normal for certain retirement plans

The LTPT employee rules take effect for plan years beginning on or after January 1, 2024 (for calendar-year end plans). If your organization missed the deadline to allow LTPT employees to participate in your plan, the good news is that there is a path to compliance. However, implementing these complicated changes in the law requires in-depth knowledge of the complex issues surrounding tax-qualified retirement plans. Experienced consultants can provide guidance and support throughout the process in the following ways:

• Analyze plan documents and employee data to identify any compliance gaps or issues that need to be addressed
• Engage in detailed discussions with plan sponsors to explain the intricacies of the changes and helping them understand the necessary steps to ensure compliance
• Facilitate communication with service providers to aid in a smooth transition and implementation of any required changes
• Calculate corrective actions required to rectify any non-compliance issues and confirm future compliance
• Guide the employer in enrolling in the IRS’s amnesty program (EPCRS), if necessary, to self-report non-compliance issues
• Help plan sponsors track the path taken to incorporate the necessary changes into the plan documents, to ensure ongoing compliance and avoid future issues
• Discuss Form 5500 preparation considerations, including participant head count

Contact David McKay, Assurance Partner, learn more.

This recognition can be contributed to the hard work and dedication of our team members, the loyalty of our clients, and the consideration of our friends of the firm. Michelle Walsh, Chief Operating Officer, had this to say about the recognition,

Without the hard work and dedication of our team, we would not be part of such a list.”

We are honored to be included in this list of the highest ranked accounting firms in the state.

During these deliberations, our representatives passionately advocated for our clients’ interests. The focal points of the discourse encompassed future budget planning and the imperative need to enhance reimbursement rates for critical healthcare services, specifically in the domains of urgent care, primary care, and outpatient specialty services.

We articulated a compelling case underscoring the indispensable role played by our private physician groups and urgent care clinics. This perspective was framed within the context of serving the extensive membership of over 2.3 million MassHealth beneficiaries. The emphasis throughout was on the pivotal contribution these entities make in ensuring comprehensive access to healthcare across the entire continuum of care for our constituents.

This strategic engagement marks a pivotal advancement in acknowledging the vital healthcare services our clients deliver to the most vulnerable patients and underserved communities throughout the state. It represents a noteworthy step forward in fostering a healthcare landscape that is responsive to the needs of our diverse population.

To learn more about Edelstein’s Healthcare Consulting services, contact Joanna Lambert at jlambert@edelsteincpa.com.

A construction contract audit is typically conducted at the culmination of a project as an opportunity for project owners to affirm that all contractual agreements were upheld and address any financial discrepancies. While they are a helpful tool in this capacity, conducting contract audits earlier in a project — and more frequently — may help identify potential risks sooner, as well as identify areas for possible cost savings.

Construction contract auditing is a safeguarding practice that can help you reduce the likelihood of project disputes and legal issues that could directly impact your bottom line. Ultimately, audits provide project owners with greater control over their contracts.

Objectives of Construction Contract Audits

The most common use for construction contract audits is verifying that all parties involved in a project adhere to the terms and conditions outlined in the contract. This includes verifying project costs against contractual obligations. By enforcing contractual compliance, audits help contribute to fair and transparent project execution, reducing the likelihood of disputes and legal issues.

Another key objective of a construction contract audit is to establish cost control. These audits are instrumental in safeguarding effective budget management and financial controls throughout the project. An audit will meticulously examine invoices and project records to catch any discrepancies that may lead to overpayments. By reviewing the cost structure, audits can help prevent budget overruns, identify areas for potential cost savings, and ensure financial resources are allocated efficiently across the project.

The financial transparency provided by periodic contract audits can make them even more compelling in the face of continued supply chain constraints and a challenging economic environment. Companies may use audits to help recover overpayments made during a project and empower project owners to rectify financial errors and protect their interests.

Insight

Contract audits are a critical tool to help owners of construction projects in the following areas:

• Financial Control and Compliance: Audits assess and manage project costs, ensuring that resources are used efficiently and that projects are completed within budget.
• Risk Management: Audits help identify potential risks early in the construction process, allowing for timely mitigation strategies to be implemented, and reducing the risk of project delays and cost overruns.
• Quality Assurance: Audits enhance the quality of work performed and materials used in construction by ensuring that the final product meets the required standards and specifications.
• Schedule Adherence: Audits can monitor a construction project and determine if it is progressing according to the established schedule. Delays can be addressed promptly, allowing the project to stay on schedule.
• Contractual Compliance: Audits review contracts and agreements to ensure that owners, contractors, subs, and other stakeholders are meeting their obligations.
• Fraud Prevention: Audits expose fraudulent activities or discrepancies throughout transactions. This is essential to maintaining the integrity of a construction project and preventing financial losses.
• Documentation and Record Keeping: Audits verify the accuracy of project documentation and records. Proper documentation is critical for future reference, dispute resolution, and accountability.
• Communication: Audits promote transparency amongst stakeholders by providing an objective assessment of the project’s financial and operational performance. This transparency can promote trust and increase communication among stakeholders.
• Continuous Improvement: Audits provide an opportunity for project teams to learn from past experiences. By identifying areas of improvement, future projects can be better planned and executed.

Timeline Considerations

While many project owners are familiar with close-out audits performed at project completion, construction contract audits come in several forms and can be conducted at various stages of a project’s timeline. Each serves a specific purpose in risk mitigation.

Close-out audits are generally performed to verify that legal compliance requirements have been met and that the project adheres to contractual obligations and applicable regulations. These audits also aid financial reconciliation and address any related discrepancies or irregularities. Project owners find close-out audits to be a helpful tool for measuring the overall success of a completed project.

Construction contract audits are most effective when started from the pre-construction phase. Pre-construction audits offer a proactive approach to project and cost management. These audits run at a project’s outset and play a vital role in preventing overbilling by notifying contractors upfront of the rigorous financial standards in place and the expected level of diligence required.

In addition to considering a pre-construction audit, project owners may find conducting early audits during the project to be beneficial. Early audits aid in the timely detection of potential risks and help companies identify areas for possible cost savings. They also enable early course correction, which could save on potential issues at a later stage.

Value of Proactive Audits

The construction industry is built on relationships. Strong relationships foster effective collaboration and communication and help meet execution expectations, goals, and timelines. That said, maintaining a strong relationship with contractors, subcontractors, and suppliers does not negate the need for audits. Conversely, audits — especially those that are proactive — serve as a mechanism to improve processes and in many cases can strengthen relationships by transparently identifying areas for improvement and growth.

By taking a proactive approach, such as conducting front-end construction contract audits, project owners may unlock more substantial cost savings and risk reduction than by waiting until after issues arise. Front-end construction contract audits can help set appropriate guardrails for budgetary management and financial control. They also help in the efficient allocation of financial resources across the project.

Maintaining an early audit schedule can also help mitigate risk and guard against surprises as a project progresses. This practice can allow project owners to address any nascent issues related to contract administration, procurement, and overall governance — setting a strong foundation for the remainder of a project.

In the ever-evolving construction landscape, contract changes, supply chain disruptions, and other external factors are expected to pose new compliance challenges that require vigilant auditing. Proactivity also means keeping up with the latest practices and audit innovations, such as the use of generative AI to help stay agile and alert to emerging compliance challenges while unlocking value across the project.

Safeguard Your Bottom Line

The construction industry is evolving, with new and increased risks that call for proactive audit strategies.

A proactive approach, such as initiating front-end audits or pursuing audits at different stages of project completion, can help bolster risk mitigation, cost control, and contractual compliance.

Owners may be tempted to rely on contractors, architects, and contract managers having the project’s best interest in mind. However, it is unrealistic to expect all stakeholders, including employees and subcontractors, to operate with the owner’s best interest as their top priority at all times. Additionally, even if the stakeholders do have the best of intentions, errors can impact billings, and a construction contract audit is another line of protection against those errors.

Waiting until the end of a project to audit, as the industry has traditionally done, can lead to increased litigation, claims, and difficulties in recovering funds. Early audits not only help save costs, but also provide project owners greater control over their contracts.

Construction audits contribute to the overall success of construction projects by providing greater insight into financial accountability, adherence to quality standards, risk management, and compliance with contractual obligations. They serve as a valuable tool for project owners, investors, and other stakeholders to monitor and help optimize the construction process.

Written by Janet Smith. Copyright © 2024 BDO USA, P.C. All rights reserved. www.bdo.com

JANUARY

• 15 / Fund: Possible fourth quarter 2023 contribution due for defined benefit pension plans.
• 31 / Action: File IRS Form 945, Annual Return of Withheld Federal Income Tax, by January 31 for non-payroll income taxes, such as taxes withheld by retirement plans, during 2023.
• 31 / Action: Distribute IRS Form 1099-R to participants by January 31 for 2023 retirement plan distributions.
• Best Practice: Plan sponsor should confirm the accuracy of the prior year’s census data to the recordkeeper. This information is used for ADP/ACP testing, among other things.

FEBRUARY

• 28 / Action: File IRS Form 1096, Annual Summary and Transmittal of US Information Returns, with IRS if using paper transmittal by February 28 for 2023 tax year.
• 28 / Action: File IRS Form 1099-R in paper format with the IRS by February 28 for 2023 retirement plan distributions.
• Best Practice: Review and approve compliance testing results sent by plan administrator.

MARCH

• 15 / Action: Highly compensated employees who fail ADP/ACP test for prior plan year must have refunds processed by March 15 (other than eligible automatic contribution arrangements).
• 15 / Fund: Partnerships and S Corporations that are not getting an extension must fund employer contributions to receive tax deduction for the prior year.

APRIL

• 1 / Action: 401(k) plans with publicly traded employer stock that follow Article 6A of the Regulation S-X (SEC format) must file Form 11-K with the Securities and Exchange Commission by April 1.
• Note: The IRS “weekend rule” does not roll the April 1 deadline to the next business day if April 1 falls on the weekend or holiday.
• 1 / Action: Recordkeeper (or other responsible party) completes and files Form 1099-R electronically with the IRS by April 1 for 2023 retirement plan distributions.
• 1 / Action: April 1 deadline for 5% business owners and terminated participants who turned 73 in 2023 to receive their required minimum distribution (RMD). Note: the IRS “weekend rule” does not roll the April 1 deadline to the next business day if April 1 falls on the weekend or holiday.
• 15 / Fund: April 15 possible first quarter 2024 contribution due for defined benefit pension plans (i.e., contribute by April 15 before the weekend, as contribution deadlines are not extended to the next business day).
• 15 / Distribute: Participants who contributed over 402(g) or 415 limits in the previous year must be refunded the excess amount by April 15.
• 15 / Action: File PBGC Form 4010, Notice of Underfunding for single-employer defined benefit plans with more than $15 million aggregate underfunding by Monday, April 15.
• 15 / Fund: C-Corporations and Sole Proprietors that are not getting an extension must fund employer contributions by April 15 to receive tax deduction for the prior year.
• 15 / Fund: IRA contributions for the prior tax year must be funded by April 15.
• 29 / Action: Send annual funding notice to participants of single and multi-employer defined benefit plans over 100 participants by April 29.

JUNE

• 28 / Action: 401(k) plans with publicly traded employer stock must file SEC Form 11-K with the Securities and Exchange Commission by June 28 or file an extension on SEC Form 12b-25.
• 30 / Action: Highly compensated employees who fail ADP/ACP test for prior plan year must have refunds processed by June 30, if an eligible automatic contribution arrangement (EACA).

JULY

• 15 / Action: 401(k) plans with publicly traded employer stock that requested a 15-calendar day extension (SEC Form 12b-25) for the SEC Form 11-K must file the SEC Form 11-K with the Securities and Exchange Commission by July 15.
• 15 / Fund: Possible second quarter 2024 contribution due for defined benefit pension plans by July 15.
• 31 / Action: File IRS Form 5500, Annual Return/Report of Employee Benefit Plan, and IRS Form 8955-SSA, Annual Registration Statement Identifying Separated Participants with Deferred Vested Benefits, for the 2023 plan year by July 31.
• 31 / Action: To request an extension of time to file IRS Form 5500, file IRS Form 5558 by July 31.

SEPTEMBER

• 15 / Fund: If an extension was filed, September 15 is the deadline to fund employer contributions for Partnerships and S-Corporations.
• 15 / Fund: September 15, last date to make 2023 contributions for single and multiemployer defined benefit pension plans.
• 30 / Action: September 30, Distribute Summary Annual Report (SAR) to participants if the Form 5500 was filed on July 31.

OCTOBER

• 3 / Action: Distribute annual notices to participants no earlier than October 3 and no later than Dec 2, including notices for: 401(k) Plan Safe Harbor Match, Automatic Contribution Arrangement Safe Harbor, Automatic Enrollment and Qualified Default Investment Alternatives (QDIA).
• 15 / Fund: October 15 possible third quarter 2024 contribution due for defined benefit pension plans.
• 15 / Action: October 15 is the extended deadline for filing IRS Form 5500 and IRS Form 8955-SSA.
• 15 / Action: October 15 is the extended deadline for filing individual and C-Corp tax returns.
• 15 / Action: If an extension was filed, October 15 is the deadline to fund defined contribution employer contributions for C-Corporations and Sole Proprietors.
• 15 / Action: October 15 to open a Simplified Employee Pension (SEP) plan for extended tax filers.
• 15 / Action: Send annual funding notice to participants of single- and multi-employer defined benefit plans with 100 or fewer participants by October 15.
• 15 / Action: October 15 defined benefit plan PBGC Premium filings and payments due.
• 31 / Action: Single-employer defined benefit plans that are less than 60% funded or are 80% funded and have benefit restrictions triggered must inform participants by October 31 or 30 days after the benefit restriction applies.
• Best Practice: Make sure administrative procedures align with language in plan document.

DECEMBER

• 2 / Action: Distribute annual participant notices no later than December 2. These include notices for: 401(k) Plan Safe Harbor Match, Automatic Contribution Arrangement Safe Harbor, Automatic Enrollment and Qualified Default Investment Alternatives (QDIA).
• 15 / Action: December 15 is the extended deadline to distribute Summary Annual Report (SAR) when the Form 5500 was filed on October 15.
• 31 / Action: December 31 is the final deadline to process corrective distributions for failed ADP/ACP testing; a 10% excise tax may apply.
• 31 / Action: Ongoing required minimum distributions (RMDs) for 5% business owners and terminated participants must be completed by December 31.
• 31 / Action: Amendments to change traditional 401(k) to safe harbor design, remove safe harbor feature or change certain discretionary modifications must be completed by December 31. Amendments to change to safe harbor nonelective design must be completed by Dec 1 of given plan year for 3% or by Dec 31 of the following year for 4% contribution level.
• 31 / Action: Plan sponsors must amend plan documents by December 31 for any discretionary changes made during the year.

In addition to those important deadlines and dates, plan sponsors should be aware of the contribution plan limits and other rolling notices for 2024:

• Traditional and Roth Individual Retirement Account contribution limit is $7,000. Catch-up contributions for participants aged 50 and over is $1,000, which is fixed by law and not adjusted each year.
• Employee salary deferral limit for 401(k), 403(b) and 457 plans are $23,000. The catch-up contribution limit for participants who are age 50 or older in 2024 is $7,500.
• Maximum annual additions (i.e., employee deferrals, employer contributions and forfeitures) that can be allocated to a participant’s defined contribution plan account for 2024 is $69,000.
• Limitation for the annual benefit under a defined benefit plan under Section 415(b)(1)(A) is $275,000.
• The dollar amount used to define “highly compensated employee” under Section 414(q)(1)(B) is $155,000.

BEST PRACTICES:

• Contact your service provider to discuss any required and/or discretionary SECURE 2.0 provisions effective in 2024 to ensure compliance
• Make sure discretionary amendments that impact plan design and administration are executed and implemented timely per IRS regulations
• Make sure administrative procedures align with language in plan document.
• Plans may consider doing mid-year compliance testing to avoid failing applicable annual tests.
• Review and approve compliance testing results sent by plan administrator.
• Plan sponsor should confirm the accuracy of the prior year’s census data to the recordkeeper. This information is used for ADP/ACP testing, among other things.

Finally, in our most recent peer review, two of Kristen’s engagements were selected for inspection which resulted in no finding. We congratulate Kristen for this important career milestone. And, Kristen, thank you for all that you do for our great firm!