The AICPA Auditing Standards Board issued a suite of new auditing standards impacting several aspects of an audit to include, but not limited to, modifying the auditor’s report and communication to those charged with governance, as well as requiring additional audit procedures over related-party relationships and significant unusual transactions.
Please read our recent Knowledge Share article regarding the new auditing standards 134-140 for more context around Statements on Auditing Standards (SAS) 134-140.
Among these new pronouncements is a new auditing standard specifically addressing audits of employee benefit plans (EBP), entitled SAS 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (SAS 136).
SAS 136 is effective for EBPs with periods ending on or after December 15, 2021. Therefore, if your Plan’s year-end is a calendar year-end of December 31, 2021, or a fiscal year-end date any time after December 15, 2021, these changes apply.
EBP audits are unique with varying responsibilities on the side of Plan management and that of the auditor. They are compliance-based and performed when required by the Department of Labor (“DOL”). The onset of SAS 136 brings about several revisions that impact both the auditor and Plan management and may result in an increase of time and effort for both parties.
- Auditor’s Report
The form and content of the auditor’s report have been revised by more prominently presenting the opinion towards the beginning of the auditor’s report while also enhancing the responsibilities of both Plan management and the auditor to provide additional transparency for the users of the financial statements. Furthermore, what was formerly known as a “limited scope audit” is now referred to as an ERISA Section 103(a)(3)(C) audit and what was formerly known as a “full scope audit” is now referred to as a Non-Section 103(a)(3)(C) audit.
Plan management should also be aware that with this change the prior limited scope audit, which provided a “disclaimer of opinion,” will no longer be the “norm.” Instead, auditors will provide an ERISA Section 103(a)(3)(c) audit opinion based on the audit evidence obtained.
In certain circumstances during year one of this standard being effective, the audit may include two auditor reports. One is the report from the prior year’s audit that includes the limited scope disclaimer of opinion and another report under the newly effective SAS 136. The auditor may also issue one report under SAS 136 which would include an additional paragraph referencing the previously issued report from the prior year.
- Planning Procedures
SAS 136 requires an auditor to ensure management understands its responsibilities regarding maintaining a current plan instrument, that transactions conform with the Plan’s provisions, and that when management elects to have an ERISA 103(a)(3)(C) audit, that investment information is prepared and certified by a qualified institution and such information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework. What does this mean for Plan management? It means that:
- Management must be able to support that all of the Plan’s “ducks are in a row” by way of having a current plan instrument on file including all applicable amendments.
- Management must be able to explain the processes in place to ensure that all plan transactions such as distributions, loans, employee and employer contributions are made in accordance with the Plan’s provisions to the best of management’s knowledge.
- Management must be able to support that the certification provided to the auditor allows for an ERISA 103(a)(3)(C) audit. That is, the certifying party is a qualified institution (e.g., a bank, insurance company, or similar institution that is regulated, supervised and subject to periodic examination by a state or federal agency), and has certified as to both the accuracy and completeness of the Plan’s investments held and that such information provided by that institution is measured appropriately and is correct.
- Additional Communications
Be alert for more communications with Plan management related to significant risks identified during planning for the EBP audit engagement. This new requirement is intended to provide additional transparency into the audit process. Plan management should be open and prepared to discuss these matters with their auditor as such communications will only enhance the business relationship.
- Form 5500
The auditor is required to obtain a draft of Form 5500 that is substantially complete prior to dating the auditor’s report. In addition to obtaining, the auditor must review the draft Form 5500 to ensure no significant discrepancies exist that are not either corrected or disclosed in the financial statements prior to finalizing the audit and filing with the DOL. Prior to this new requirement, the existence of significant variances could cause either an amended Form 5500 filing or a restatement of previously issued financial statements.
- Other Required Procedures
Auditors are now required to perform additional enhanced procedures on related parties and significant unusual transactions. While rare for most Plans, these procedures require additional audit effort and will result in additional questions to Plan management that may have not come up in prior audits.
Planning for Success
While a learning curve can be expected when implementing change, maintaining open lines of communication to best understand the impending change will result in a successful outcome. Plan management and their auditors should start discussing the impact of these changes as soon as possible the set each party up for success come audit season.