While auditors are responsible for the quality of their employee benefit plan (EBP) audits, plan administrators are ultimately responsible for the way their plans are operated. Plan administrators who familiarize themselves with a new reporting standard can better understand the new EBP audit requirements and ensure they are compliant.
The Statement on Auditing Standards No. 136 (the SAS), Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to the ERISA [Employee Retirement Income Security Act of 1974], issued July 2019 by the AICPA, prescribes new performance requirements for audits of EBP financial statements. It also specifies changes to the form and content of the related auditor’s report, leading to improved EBP audit quality. The SAS is effective for audits of EBP financial statements for periods ending on or after December 15, 2021. The SAS should not be adopted for non-ERISA plans.
The U.S. Code of Federal Regulations (CFR) outlines the Department of Labor’s rules and regulations for reporting and disclosure under ERISA. This CFR currently allows auditors to issue reports on the plan financial statements with a disclaimer of opinion due to the scope limitation related to ERISA Section 103(a)(3)(C), more commonly referred to as “limited scope audits.” Under certain circumstances, plan management may elect to adopt an exemption under this section, allowing plan administrators to instruct auditors not to perform any additional procedures with respect to investment information prepared and certified by a bank or similar institution, or by an insurance carrier that is regulated, supervised, and subject to periodic state or federal examination.
The SAS states that an audit under this ERISA section is unique to EBPs and should not be considered a scope limitation, therefore an auditor will no longer issue a disclaimer of opinion. Instead, the auditor’s report will provide a two-pronged opinion on whether the amounts and disclosures in the financial statements not covered by the certification are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. It will also provide an opinion on whether the certified investment information in the financial statements agrees to, or is derived from, in all material respects, the certification.
Key Changes for Plan Management
While this SAS brings changes for auditors, there are also significant changes for plan administrators. As part of the auditor’s acceptance of the audit engagement, the auditor will ask the plan administrator to acknowledge management’s responsibilities for maintaining a current plan instrument, administering the plan, and providing the auditor with a substantially complete draft Form 5500 prior to the dating of the auditor’s report. In addition, the new standard requires the auditor to obtain certain written management representations regarding those responsibilities at the conclusion of the audit. While these have always been responsibilities of plan management, this new standard requires plan management to formally acknowledge these responsibilities in both the engagement letter and the management representation letter.
The most significant change for plan administrators relates to the determination that the conditions of an audit under this ERISA section have been met. This includes determining whether:
- This type of ERISA audit is permissible under the circumstances.
- The investment information is prepared and certified by a qualified institution.
- The certification meets the requirements in 29 CFR 2520.103-5.
- The certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.
Management will now be required to provide its basis of determination for these criteria to the plan’s auditor.
It is important the plan administrator review the certified investment information that will be included in the financial statements to determine the investments have been valued as of the plan’s year-end. The plan administrator should also determine the method of determining the investments’ fair value is in accordance with the applicable financial reporting framework.
When management elects to have this type of ERISA audit, the auditor is required to ask management how it determined the entity preparing and certifying the investment information is a qualified institution under Department of Labor rules and regulations. If the plan administrator determines the certification is not acceptable, the plan administrator would need to take appropriate steps to obtain an acceptable certification or engage the independent auditor to perform a non-section 103(a)(3)(C) audit, whereby the auditor performs further audit procedures on the investment and investment information.
If you have questions about this SAS, or what it means for your EBP audits, or if you would like assistance with any matter involving audit and assurance, business advisory, or regulatory compliance, one of our executive contacts would be happy to assist. You may email them below, or call (800) 270-9629.