A quality audit is critical to your business and helps protect the financial integrity of your employee benefit plan. The Department of Labor (DOL) generally requires an employee benefit plan audit to be completed with 100 or more participants as part of the obligation to file an annual return (Form 5500).
In July 2019, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board issued Statement on Auditing Standards (SAS) No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, in an effort to improve the quality of ERISA audits and the relevance of the auditor’s reports. SAS 136, which is specific to employee benefit plans, is part of a full suite of standards (SAS Nos. 134 to 140) that impact audits of all entities. This standard will be effective for your 2021 employee benefit plan audit.
What has changed?
The new standard includes changes for both the plan auditor and plan management. It’s important to understand the requirements of both when thinking about how your audit will change going forward. The overarching theme is to increase plan sponsor awareness of its responsibilities and the meaning of what has traditionally been referred to as a “limited scope” audit.
Key changes for the plan auditor to consider include:
- Engagement acceptance and obtaining additional management representations.
- Performing risk assessment procedures related to the plan instrument, plan tax status and prohibited transactions, and responding to identified risks.
- Communicating additional matters (reportable findings) to those charged with plan governance;
- Performing certain additional audit procedures unique to auditing ERISA plans.
- Issuing a new form of the audit report (an ERISA Section 103(a)(3)(C) auditor’s report instead of a “limited scope” audit report) that changes the form and content to help improve audit quality and enhance the communicative value and transparency of the audit report.
Key changes for plan management include acknowledging and understanding responsibility and confirming to the auditors all of the following:
- Maintaining a current plan instrument, including all plan amendments.
- Administering the plan and determining that the plan’s transactions that are presented and disclosed in the ERISA plan financial statements conform to the plan’s provisions, including maintaining sufficient records with respect to each of the participants to determine the benefits due or which may become due to such participants.
- When management elects to have an ERISA Section 103(a)(3)(C) audit, determining whether:
- An ERISA Section 103(a)(3)(C) audit is permissible under the circumstances.
- The investment information is prepared and certified by a qualified institution as described in 29 CFR 2520.103-8.
- The certification meets the requirements of 29 CFR 2520.103-8.
- The certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.
- Providing auditor with a substantially complete Form 5500 draft before issuance of the auditor’s report.
If your auditor was following the AICPA Employee Benefit Plan Audit and Accounting Guide, actual detailed auditing procedures should not look much different as a result of SAS 136. However, with the implementation of this standard in the next ERISA audit your plan undergoes, you should:
- Expect additional questions and requests from your auditor;
- Be prepared to receive an audit report that looks different than ones you have received in the past; and
- Look for additional communications.
P&N professionals have been auditing employee benefit plans for over 40 years--serving as proactive advisors for organizations and benefit plan administrators. Our dedicated team audits more than 200 benefit plans annually, which range from very small plans to those with greater than 100,000 participants and $11 billion in assets. We can help you with the implementation of SAS 136 along with any other employee benefit plan needs that may arise. Contact us to get started.