In 2017, the American Institute of CPAs (AICPA) issued an exposure draft of new standards designed to overhaul employee benefit plan audits. The standards, originally scheduled to go into effect the end of 2020 but delayed by the pandemic, will now go into effect for audits of financial statements for plans with years ending December 31, 2021.
The standards cover financial statement audits for employee benefit plan audits subject to the Employee Retirement Income Security Act of 1974 (ERISA), which are generally plans with more than 120 eligible participants.
The updated standards were prompted in part by a 2015 U.S. Department of Labor report stating that 39% of employee benefit plan audits contained “major deficiencies with respect to one or more Generally Accepted Auditing Standards (GAAS) requirements which would lead to rejection of a Form 5500 filing, putting $653 billion and 22.5 million plan participants and beneficiaries at risk.”
Since then, AICPA has been working on solutions to improve the quality of employee benefit audits and enhance the value of audit reports for users.
The resulting final standard, Statement on Auditing Standards (SAS) Number 136, “Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA,” includes several significant changes.
According to the AICPA, the standard provides new requirements in all audit phases, including engagement acceptance, risk assessment and response, communication with those charged with governance, performance procedures, and reporting.
Among the changes are new rules related to limited-scope audits, now referred to as ERISA section 103(a)(3)(c) audits, and the reports issued by auditors in this type of engagement.
The standards also require new management representations regarding maintaining a current plan instrument, administering the plan, and providing the auditor with a substantially complete draft Form 5500 prior to the dating of the auditor’s report.
In addition, plan administrators who choose this type of audit must now acknowledge their responsibilities in seeking and reviewing investment certifications and confirming the certifying institution is qualified. Administrators must also notify management the certification is proper.
The new standards also clarify auditor expectations, including procedures to be used when performing this type of audit—specifically on certified investment information—and describe a new type of report providing greater transparency for users.
After the audit is complete, auditors will use a new reporting model with longer, more detailed financial statement opinions that clearly state the scope and nature of the engagement, indicating what the auditors did and did not include in their analysis.
In addition, rather than including a disclaimer of opinion for certified investment information, auditors will offer an opinion about the fair presentation of information not covered by the certification and address the relationship between certified investment information and financial statements.
Findings will also be more detailed, which will help plan managers correct them, if needed.
How Can You Prepare?
Note the new SAS doesn’t change ERISA rules, so management can still select an ERISA section 103(a)(3)(c) audit. And while the new SAS doesn’t include any particularly significant new responsibilities for plan sponsors, there are additional steps and procedures your administrators and auditing team must complete. For this reason, working with a highly experienced and qualified team of auditors is imperative.
In addition, good communication among all parties will support a smooth transition to the new standards and leverage you for success with your audit next year.
We are here to help. Please contact our team with any questions about the new employee benefit plan audit standards.