Top 10 retirement plan internal control pitfalls – and how to avoid them

ARTICLE | July 16, 2025

Authored by RSM US LLP

Executive summary

Operational failures in a retirement plan can have serious consequences, including costly penalties, required corrections, and even disqualification of the plan by the IRS. Beyond regulatory risks, such mistakes can erode employee trust and damage an organization’s reputation. Therefore, it is essential for plan administrators to proactively monitor operations, implement strong internal controls, and address errors promptly to safeguard both the plan’s compliance and participants’ retirement security. This article identifies ten common errors in plan administration and offers strategies for companies to mitigate them.

• #1 Uncashed checks and missing participants
• #2 Failure to timely deposit deferrals
• #3 Failure to timely apply forfeitures
• #4 Failure to properly administer automatic enrollment
• #5 Failure to include all eligible employees
• #6 Failure to use the correct definition of plan compensation
• #7 Failure to issue required minimum distributions (RMD)
• #8 Failure to follow hardship rules
• #9 Failure to follow participant loan rules and violations of Internal Revenue Code (Code) section 72(p)
• #10 Failure to amend a plan for legislative changes on a timely basis

There are millions of dollars in uncashed checks that have been issued from retirement plans and billions in unclaimed benefits. Participants often do not cash their retirement plan distribution check or even know that they have retirement benefits. Here is what typically occurs: An employee participant leaves a company, and the plan sponsor approves the distribution of their account. The plan trustee or custodian sells the investment and puts the proceeds in an omnibus checking account, then sends out the check to the plan participant. Either the participant receives the check and misplaces it or, more commonly, the participant has moved and does not receive the check.

Plan sponsors should be aware that the U.S. Department of Labor (DOL) believes uncashed checks remain plan assets, so the sponsor has a fiduciary obligation to address them. Sponsors also have a fiduciary duty to locate missing participants.

A process should be in place to periodically check with the plan’s custodian to identify uncashed checks and determine what to do about them. Similarly, a process should be in place to identify missing participants. Both of these processes should be performed at least annually. The DOL has provided guidance and best practices that plan sponsors should take into consideration when creating their procedures. For sponsors who have implemented a prudent program to locate missing participants, the DOL recently published a memorandum providing guidance on the appropriateness of escheatment of small plan balances to a state unclaimed property fund.

The DOL has also implemented the Retirement Savings Lost and Found Database which provides a way for plan sponsors, on a voluntary basis, to report unclaimed retirement benefits held by former employees. Individuals can then access the database to look for benefits they may have with former employers.

Back to top

The DOL focuses heavily on this issue; the expectation under the Employee Retirement Income Security Act (ERISA) and related regulations is that plan sponsors must promptly deposit amounts withheld from employees. The rule applies to elective deferrals, loan repayments, and participant voluntary contributions. The determination of a “prompt” deposit is based on a facts-and-circumstances analysis considering the employer’s processes and procedures. Small plans (under 100 participants) have a seven-business day safe harbor window for depositing the withholding without recourse. However, no such safe harbor has been provided for large plans. The DOL regulations provide an example of a large employer with a complex payroll and multiple pay centers noting the deposit time frame was 3-business days, indicating the DOL’s expectation of a quick deposit.

Common reasons an employer has late deposits include inadequate internal support for processing participant deposits (e.g., one individual is responsible for the deposit and is out on vacation or staff has other duties and the remittance is not prioritized), technical issues with payroll or plan recordkeeper systems, and off-cycle pay runs.

Failure to timely deposit employee withholding results in a prohibited transaction which requires a correction to the plan to make the participants whole and may subject the employer to an excise tax reportable to the IRS on Form 5330. An employer can self-correct the error by depositing the withholding, along with lost earnings. Alternatively, the DOL accepts correction submissions through its Voluntary Fiduciary Correction Program (VFCP) for review and approval. Employers should consult with a competent plan advisor or ERISA counsel for the appropriate correction steps.

Back to top

When an employee terminates employment with an unvested balance in the employer’s retirement plan, the unvested balance remains in the plan and is called a forfeiture. Proposed regulations on using forfeitures in retirement planssuggest that forfeitures should be utilized by the last day following the plan year in which they are generated. These regulations basically formalize, for defined contribution plans, what has been the IRS’s informal guidance in the past. Most pre-approved plan documents already include provisions similar to the proposed regulations. Despite this, many plans have thousands of dollars in unallocated forfeitures that have not been utilized within the time period prescribed in their plan document.

The failure to timely manage a forfeiture balance usually stems from the employer not understanding 1) that funds are available, 2) how they can be utilized based on the terms of the plan document, and 3) how to direct the plan recordkeeper to use the funds. Plan documents often provide flexibility in how the forfeitures are used, including to pay plan expenses, offset the funding of employer contributions, or reallocate to participants.

Employers and other plan fiduciaries should be aware that recent litigation has emerged surrounding the use of forfeitures in retirement plans, particularly 401(k) plans. These lawsuits challenge the longstanding practice of using forfeitures to offset employer contributions, a method permitted by IRS regulations. Plaintiffs argue that this practice violates ERISA fiduciary duties, even if the plan documents authorize it.

If an employer discovers there are unused forfeitures, the corrective action is to utilize them. However, they should work with their plan advisors to understand the proper way to use them. For example, can the entire amount be used to reduce the upcoming funding of an employer contributions or does some or all of it need to be allocated to participants for a prior plan year?

Back to top

Many retirement plans automatically enroll eligible employees at a default deferral rate, while still allowing them the option to opt out. The prevalence of auto enrollment is set to rise, as legislation mandates this feature beginning in 2025 for new 401(k) and 403(b) plans established after Dec. 29, 2022, with certain exceptions.

In practice, automatic enrollment is not always automatic. Employers may unintentionally fail to enroll participants, and automatic deferral rate increases in some plans might not be properly implemented. Errors commonly stem from interface issues between the plan provider that monitors the employee’s eligibility and the payroll system. For plans that do not have a direct interface between systems, the manual process of identifying eligible employees and processing the deferral through payroll is susceptible to human error.

When a plan fails to enroll an employee, it results in a missed deferral opportunity (MDO). To correct this, the employer must contribute any missed employer contributions, adjusted for earnings. Depending on the circumstances, the employer may need to contribute 25% or 50% of the missed deferrals, or potentially nothing at all. Because of the importance placed on auto enrollment by Congress and the Department of Treasury, specific safe harbor correction methods have been put in place for such plans, some of which are more advantageous than those available to plans without an auto enrollment provision.

Back to top

Plans without an auto enrollment feature also have issues with determining who is eligible for the plan and properly enrolling them. Commonly excluded employees are rehired employees, leased employees (if not excluded from the plan) and those misclassified as independent contractors. Another group that employers need to be concerned with are long-term part-time (LTPT) employees. An LTPT employee is an employee who worked at least 500 hours in two consecutive years and has attained age 21. For plan years beginning after Dec. 31, 2024, these individuals must be provided the opportunity to contribute elective deferrals. For 401(k) plan years beginning in 2024, an LTPT had to work at least 500 hours in each of three consecutive years. For more information on LTPT employees, see our articles Retirement plan changes for long-term, part-time employees and New guidance on long-term, part-time employee eligibility for 403(b) plans.

The correction for employees excluded from the plan is similar to what was addressed in #4 for plans with auto enrollment. Generally, 50% of missed deferrals are owed to the plan, along with any employer contributions, adjusted for earnings. There has been a concerted focus by the IRS to get plan sponsors to fix errors, so they have made it a lot easier than it was in the past by expanding the self-correction methods available.

Back to top

Compensation also is a significant issue, with potential errors in identifying what compensation is appliable for plan operations being numerous and varied. A common cause is the failure to properly assign pay codes as eligible or ineligible plan compensation, often stemming from misunderstandings of plan documents or changes in payroll systems. Another frequent error is the exclusion of forms of additional compensation, such as bonuses, which should be included. Separate pay runs for bonuses are particularly prone to this issue.

Since compensation errors can result in participants receiving incorrect contributions, whether too much or too little, corrections must be carefully considered. These corrections may involve refunds to employees, forfeitures from participant accounts, additional distributions, or resolving overpayments, with earnings adjustments also taken into account. As with all errors, the employer should discuss appropriate measures with their plan provider.

Back to top

A plan participant who has reached the minimum distribution age, currently 73, may need to start receiving required minimum distributions (RMDs). The complex rules governing the initiation of RMDs, especially for beneficiaries of deceased participants, can lead to RMDs not being issued. There is a common misconception among plan sponsors about who is responsible for issuing RMDs. Many believe that former employees or beneficiaries should contact them to initiate the distribution, similar to an individual retirement account. However, for retirement plans, the responsibility to issue RMDs lies with the plan sponsor. Failure to meet the RMD requirement constitutes an operational failure of the plan.

Another misconception is that employees must submit paperwork to consent to the distribution. In reality, plan sponsors do not need the participant’s consent; they can calculate and issue the distribution directly. A Voluntary Correction Program (VCP) request can prompt the IRS to waive the potentially substantial penalty, assessed to the participant for failing to receive the RMD and allow the plan to remain qualified once the distributions are made.

Back to top

Errors with hardship distributions issued from retirement plans can arise from various factors. One common issue is the misinterpretation of eligibility criteria, leading to improper approvals or denials of hardship requests. Additionally, inaccuracies in documentation or failure to collect necessary supporting evidence can result in non-compliance with IRS regulations. Miscalculations of the distribution amount, either exceeding or falling short of the allowable limit, also occur.

Who has the responsibility for hardship distribution compliance – the employer or the employee? The answer is a combination of both.

In some cases, employees are able to self-certify their need for a hardship distribution from a retirement plan. While self-certification relieves employers from examining documentation that supports the request and seeing personal details the employee may not want to share, it places onus on an employee to retrain appropriate documentation to support the distribution taken. This documentation may be needed to defend the distribution should the plan come under examination. In this regard, employers still carry some burden of the responsibility in substantiating the distribution, albeit through requesting support from the employee rather than maintaining the documentation themselves.

Back to top

Another common compliance mistake is when the employer fails to properly set up payroll to collect loan payments. Here’s the scenario: An employee requests a loan through the plan recordkeeper’s website. The loan is processed, the check is distributed to the participant, and the recordkeeper generates an amortization schedule. The schedule is then sent to the plan sponsor. Yet, due to an internal control issue, the schedule does not get set up properly in payroll. As a result, the plan participant can end up incurring a taxable distribution for failure to pay back the loan, and the plan sponsor has a plan qualification error.

Depending on the error's scope, the plan sponsor may need to self-correct or file a VCP request with the IRS. If a VCP request is filed, the IRS might waive the taxable income for the participant or propose another solution. Typically, the participant will need to make a lump-sum payment or re-amortize the loan to stay within the loan’s original repayment period.

Back to top

Can an employer adopt a plan document to implement a retirement plan and never amend the document? No, it is not possible. A common error made by employers is to put their retirement plan on “autopilot” and assume that the third-party administrator or ERISA counsel is taking care of any required legislative amendments to the plan’s terms. Employers that have adopted a pre-approved document are often able to rely upon amendments made by the document sponsor; however, there are situations where individual employers have to execute the amendments. Employers with individually designed plan documents often bear a greater responsibility to ensure timely execution of amendments. Consequently, it is not uncommon to find plans with outdated effective dates due to the employer's failure to make necessary amendments or restatements.

How does an employer address such a situation? Here are some correction steps:

• Amend the plan: Draft a plan document that is in compliance with all current laws and regulations.
• Review prior plan administration to see if it complied with amended terms: The longer sponsors wait to take this step, the more difficult it becomes. Correct any operational errors that may have occurred.
• File a VCP application with the IRS: A fee based on the size of the plan must be paid with the application. The objective is not to disqualify the plan or unduly punish the employer, but to bring the plan back into compliance.

Summary

Operational failures in retirement plans can create significant consequences, threatening both regulatory compliance and employee trust in the organization’s commitment to their financial future. Correcting these issues often requires more than just additional plan funding—it can also involve substantial costs for external advisors and considerable time from internal staff. If left unaddressed, the consequences can escalate further, exposing the organization to regulatory penalties and increased scrutiny during audits.

Regular, thorough reviews of plan document terms and the practices of both the employer and plan service providers can significantly reduce the errors discussed in this article. Mistakes often arise when employers neglect to actively manage their retirement plans, assuming all is running well because it has in the past or relying too heavily on automated processes without ensuring proper policies and procedures are in place. Whenever there are changes in personnel handling retirement plan matters, payroll systems, or plan providers, the policies should be revisited to ensure ongoing compliance in the face of change. With diligent oversight and proactive management, plan operational failures can be effectively mitigated.

Errors are inevitable, even with robust practices and procedures. The IRS acknowledges this and encourages plan sponsors to promptly address and correct plan errors upon discovery. Employers should seek advice from experts knowledgeable in plan failures to ensure reasonable correction methods are applied and that proper documentation is maintained with the permanent plan records. For assistance in correcting plan errors, contact us or see our article discussing plan correction methods: New guidance from IRS on correction of errors in qualified retirement plans.

Got questions? Connect with your advisor with any questions about this article.