AICPA standard on employee benefit plans now effective

In July 2019, the AICPA’s Auditing Standards Board (ASB) published Statement on Auditing Standards (SAS) 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, which was originally effective for audits of financial statements issued by employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA) for periods ending on or after Dec. 15, 2020. The ASB subsequently deferred the effective date of SAS 136 to periods ending on or after Dec. 15, 2021.

SAS 136 was issued to enhance the overall audit quality of employee benefit plans subject to ERISA. In addition to addressing the auditor’s responsibilities to form an opinion and report on the audit of financial statements of an employee benefit plan subject to ERISA, SAS 136 updates the form and content of the auditor’s report, including a new type of auditor’s report; discusses management’s responsibilities; and establishes new requirements related to communications with those charged with governance.

Management’s responsibilities

Management has numerous responsibilities in administering an employee benefit plan subject to ERISA. SAS 136 requires the auditor to obtain acknowledgment from management regarding the following responsibilities, among others:

• Maintaining a current plan instrument, including all plan amendments;
• Administering the plan and determining that the plan’s transactions that are presented and disclosed in the financial statements are in conformity with the plan’s provisions, including maintaining sufficient records with respect to each of the participants to determine the benefits due or which may become due to such participants;
• Considering the plan’s ability to continue as a going concern for the time period dictated by the applicable financial reporting framework; and
• Providing the auditor, prior to the dating of the auditor’s report, with a draft of the Form 5500 that is substantially complete.

When management elects to have an ERISA Section 103(a)(3)(C) audit, discussed in more detail below, SAS 136 requires the auditor to obtain acknowledgment that management is further responsible for determining that

• An ERISA Section103(a)(3)(C) audit is permissible under the circumstances;
• The investment information is prepared and certified by a qualified institution, as described in 29 CFR 2520.103-8 of the Department of Labor’s (DOL’s) Rules and Regulations for Reporting and Disclosure under ERISA
• The certification meets the requirements in 29 CFR 2520.103-5; and
• The certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.

Auditors will evaluate these determinations as part of their audit procedures. Management will also be asked to provide a written representation acknowledging that management’s election of the ERISA Section 103(a)(3)(C) audit does not affect its responsibility for the financial statements.

Management’s responsibilities are enumerated in the audit engagement letter and described in the auditor’s report as well as in management’s representation letter.

Form and content of auditor’s report

SAS 136 updates the form of the auditor’s report to align more closely with the reporting requirements of International Standards on Auditing. Most notably,the opinion section now appears first, and a basis for opinion section follows. The basis for opinion section includes a new statement indicating that the auditor is required to be independent of the plan and to meet other ethical responsibilities in accordance with the relevant ethical requirements.

In addition, the management responsibilities section of the auditor’s report was expanded to discuss, among other things, management’s responsibilities for considering the plan’s ability to continue as a going concern for the time period dictated by the applicable financial reporting framework. The auditor’s responsibilities section was also expanded to provide greater transparency and clarity into the auditor’s responsibilities in performing the audit, including maintaining professional skepticism, concluding on the plan’s ability to continue as a going concern, and communicating certain matters with those charged with governance. This section now also includes descriptions of key audit concepts, such as reasonable assurance and materiality.

New auditor’s report for ERISA Section 103(a)(3)(C)

SAS 136 establishes a new type of auditor’s report for audits performed based on management’s election of ERISA Section 103(a)(3)(C) pursuant to 29 CFR 2520.103-8. DOL regulations do not require the auditor to audit any statements or information related to assets held for investment of the plan (investment information) prepared by a bank, similar institution, or insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency, if the investment information is prepared and certified to as complete and accurate by the qualified institution in accordance with 29 CFR 2520.103-5 of the DOL’s Rules and Regulations under ERISA (qualified institution) and management elects to have an ERISA Section 103(a)(3)(C) audit. As a result, management may instruct the auditor not to perform any auditing procedures with respect to the certified investment information. Historically, when management elected ERISA Section 103(a)(3)(C), the auditor expressed a disclaimer of opinion on the financial statements due to the scope limitation. The new auditor’s report under SAS 136 enables the auditor to express an opinion that (i) the amounts and disclosures in the financial statements, other than those agreed to or derived from the certified investment information, are presented fairly, in all material respects, in accordance with the applicable financial reporting framework, and (ii) the information in the financial statements related to assets held by and certified to by a qualified institution agrees to, or is derived from, in all material respects, the information prepared and certified by a qualified institution.

Similarly, the auditor expresses an opinion on the ERISA-required supplemental schedules that (i) the form and content of the supplemental schedules, other than the information that agrees to or is derived from the certified investment information, are presented, in all material respects, in conformity with the DOL’s Rules and Regulations, and (ii) the information in the supplemental schedules related to assets held by and certified to by a qualified institution agrees to, or is derived from, in all material respects, the information prepared and certified by an institution that management determined meets the requirements of ERISA Section 103(a)(3)(C).

Communications with those charged with governance (reportable findings)

When the audit work performed results in the identification of items that are not in accordance with the criteria specified (for example, not in accordance with the plan instrument), SAS 136 requires the auditor to evaluate whether those matters are reportable findings.

Reportable findings are matters that are one or more of the following:

• An identified instance of noncompliance or suspected noncompliance with laws or regulations
• A finding arising from the audit that is, in the auditor’s professional judgment, significant and relevant to those charged with governance regarding their responsibility to oversee the financial reporting process
• An indication of deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention

SAS 136 further requires the auditor to communicate reportable findings, in writing, to those charged with governance.Similarly, the auditor expresses an opinion on the ERISA-required supplemental schedules that (i) the form and content of the supplemental schedules, other than the information that agrees to or is derived from the certified investment information, are presented, in all material respects, in conformity with the DOL’s Rules and Regulations, and (ii) the information in the supplemental schedules related to assets held by and certified to by a qualified institution agrees to, or is derived from, in all material respects, the information prepared and certified by an institution that management determined meets the requirements of ERISA Section 103(a)(3)(C).