Kristen E. Moss, CPA
The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), which establishes audit standards for CPAs, issued Statement on Auditing Standards (SAS) No. 136, “Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA”. This statement is directed to auditors who perform audits of financial statements of employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA). The new standard prescribes certain new performance requirements for ERISA plan financial statement audits and changes the form and content of the related auditor’s report.
The new standard is effective for audits of ERISA plan financial statements for periods ending on or after December 15, 2021 and includes new requirements in all phases of an audit of ERISA plan financial statements including:
- engagement acceptance and obtaining additional management representations,
- performing risk assessment procedures related to the plan instrument, plan tax status, and prohibited transactions, and responding to identified risks,
- communicating additional matters (reportable findings) to those charged with governance,
- performing certain additional procedures unique to auditing ERISA plans, and
- Issuing a new form of the auditor’s report.
Another significant change is that an audit performed pursuant to ERISA section 103(a)(3)(C) will no longer be referred to as a “limited scope audit” but rather going forward will be referred to as an “ERISA section 103(a)(3)(C) audit.” The ERISA Section 103(a)(3)(C) audit is unique to employee benefit plans and is not considered a scope limitation. Accordingly, the auditor will no longer issue a disclaimer of opinion, but instead would issue an ERISA section 103(a)(3)(c) auditor’s report that contains a two-pronged opinion that is based on the audit and on the procedures performed relating to the certified investment information.
As part of the auditor’s acceptance of the audit engagement, your auditor will request plan management sponsor/administrator to acknowledge in the engagement letter management’s responsibilities for maintaining a current plan instrument, administering the plan, and providing the auditor with a draft Form 5500 prior to the dating of the auditor’s report. In addition, the new standard requires that your auditor obtain certain written management representations at the conclusion of the engagement regarding those responsibilities. It also includes new acknowledgements related to management’s responsibilities with respect to the investment certification when management elects to have an ERISA Section 103(a)(3)(C) audit [previously called a “limited scope” audit as noted above] and requires auditors to inquire of management about management’s processes for determining that the certification meets DOL requirements and that the certifying entity is a qualified institution under DOL rules and regulations. Management will be asked to acknowledge their responsibility for determining whether:
- an ERISA Section 103(a)(3)(c) audit is permissible
- the investment information is prepared and certified by a qualified institution
- the certification meets DOL requirements
- the certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.
In addition, your auditor may request additional information from you in order to perform the plan audit under the new standard. Management should become familiar with the provisions of this standard as its impact on employee benefit plan audits and financial reporting requirements is significant and may result in an additional level of effort in preparing for the audit. For additional information, please review the AICPA plan advisory document.