Changes to Employee Benefit Plan Audits Are on the Horizon

August 25, 2021

In July 2019, the American Institute of Certified Public Accountants (AICPA) released new audit requirements for employee benefit plans through the issuance of Statement on Auditing Standards No. 136 (SAS 136), Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA.

The AICPA issued SAS 136 in response to a U.S. Department of Labor (DOL) examination of employee benefit plan audit quality in 2015, which indicated there were areas for improvement in the audit process.  SAS 136 is intended to improve audit quality through enhanced auditor transparency, improved planning, risk assessment and reporting procedures and expanded communication requirements. While many of the changes brought about by SAS 136 will only be evident in audit documentation maintained by the auditor, plan sponsors can expect to field additional inquiries and will notice significant changes to the independent auditor’s report.

Some notable changes with SAS 136 include the following:

Audit Scope and Report

Auditors will no longer be permitted to issue a “limited scope” disclaimer opinion for plans where a qualifying institution certifies the accuracy and completeness of investment information, and the auditor did not perform any auditing procedures on certified investment information.  Rather, auditors will instead be permitted to perform an ERISA Section 103(a)(3)(C) audit for applicable plans with appropriately certified investment information. The independent auditor’s report will now include a two-pronged opinion that 1) the information in the financial statements that is not certified is presented fairly, and 2) whether the investment information being reported on agrees to or is derived from the information prepared and certified by a qualifying institution. This report will be considered an unmodified report when completing the Form 5500 filing.

Other Areas of Change

Under SAS 136, reportable findings are now required to be made to management and/or those charged with plan governance in writing.  Previously, oral communication was permitted.

The auditor will be required to receive the following new written representations from management acknowledging its responsibility to:

  • Maintain a current plan instrument;
  • Administer the plan in accordance with the plan instrument;
  • Determine that transactions presented and disclosed in the financial statements conform with plan provisions; and
  • Provide the auditor with a substantially complete Form 5500 prior to the dating of the auditor’s report.

There will also be new requirements for audit documentation in engagement acceptance and continuance, risk assessment and procedures performed in response to assessed risks.

Originally intended to be adopted by employee benefit plan auditors for calendar year-end 2020 audits, required implementation of SAS 136 was delayed one year due to the COVID-19 pandemic and is now required for audits of employee benefit plans for plan years ending on or after December 15, 2021.  An option to early adopt the new standard was added when the AICPA approved the deferral of the implementation date, therefore many employee benefit plan auditors may elect to apply the provisions of SAS 136 for 2020 calendar year-end audits.

Employee benefit plan sponsors should familiarize themselves with the changes coming to their plan audits and ensure their auditor is performing the audit in compliance with related regulations.