AICPA Releases SAS 136 to Confirm Performance Requirement Changes for ERISA Auditor Reporting

In July 2019, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued the anticipated AICPA Statement on Auditing Standards No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (EBP SAS). The EBP SAS addresses an auditor’s responsibility when forming an opinion and reporting on audits of financial statements of employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA).

The EBP SAS is meant to increase the communication and transparency value of the auditor’s report for any ERISA plan financial statements, as well as include certain performance requirements unique to auditing ERISA plans. The EBP SAS will cause significant changes to the form and content of the auditor’s report on plan financial statements as well as ERISA-required supplemental schedules.

Highlights of the Standard
  • No More “Limited Scope” Audits – Subsequent to the effective date, audits previously referred to as “limited scope audits” will be now referred to as “ERISA section 103(a)(3)(C) audits.” The EBP SAS includes new performance and reporting requirements specific to those audits, and as such they will no longer be considered to have a scope limitation.
  • Form 5500 – As required by the EBP SAS, management would need to provide the auditor with a draft of Form 5500 so that the auditor may review the draft for material inconsistencies with audited ERISA plan financial statements in order to determine if either the draft or the financial statements require revision.
  • Communications with Management – The EBP SAS describes certain communications the auditor is required to make with management and/or those charged with governance, including reportable findings communicated in writing and discussions of any matters to arise during the performance of an ERISA section 103(a)(3)(C) audit. Such communications include the following:
    • Reportable findings must be communicated in writing to management and those charged with governance in a timely manner.
    • The auditor must discuss with management any prohibited transactions that have not been properly reported in the supplemental schedule required by ERISA.
    • The auditor must communicate to those charged with governance the auditor’s responsibility in regards to the Form 5500, procedures performed and the results of such procedures.
  • Management Representations – In addition to those required by AU-C section 580, the auditor must have certain written management representations regarding management’s responsibilities for administering the plan; such representations must be obtained at the conclusion of the engagement. Management must provide the auditor with the most current plan instrument for the audit period, including any plan amendments.
  • Management Responsibilities – The EBP SAS provides clarity on management’s responsibilities during the audit. New engagement acceptance requirements state that the auditor will request plan management to acknowledge within the engagement letter all management responsibilities, including the following:
    • Maintaining a current plan instrument, including all plan amendments.
    • Administering the plan and determining that any of the transactions presented and disclosed in the plan financial statements are in conformity with the plan’s provisions, including sufficient records for plan participants.
    • Providing a completed draft of Form 5500 prior to the dating of the auditor’s report.
    • When choosing to elect an ERISA Section 103(a)(3)(C) audit, determining whether an ERISA section 103(a) (3)(C) audit is permissible under the circumstances:
      1. Investment information is prepared and certified by a qualified institution as described in 29 CFR 2520.103-8, so that it may be compared to information in the ERISA plan financial statements and ERISA-required supplemental schedules;
      2. Certification meets the requirements in 29 CFR 2520.103-; and
      3. Certified investment information is appropriately measured, presented and disclosed in accordance with the applicable financial reporting framework.

The standard is effective for financial statement audits for periods ending on or after December 15, 2020, with early adoption not permitted.

For questions or more information about ERISA section 103(a)(3)(C) audits, please reach out to us at assurance@dhg.com.