PICPA  >  CPA Now
CPA Now
Feb 22, 2021

New SAS Changes Impact Auditing in Multiple Areas

In a preview of her Accounting & Assurance and Employee Benefit Plans columns in the spring 2021 Pennsylvania CPA Journal, Dr. Nancy Stempin, director of technical accounting at Brown Schultz Sheridan & Fritz in Camp Hill, Pa., and an adjunct professor at Fairleigh Dickinson University, joins us to discuss changes to SAS Nos. 134, 136, 137, and 139, and the effect they will have on auditors going forward.

If you’d like, you can download this episode’s audio file. Additionally, you can follow us on iTunes, Google Play, or subscribe to our RSS feed.

View sponsorship and commercial opportunity details.

By: Bill Hayes, Pennsylvania CPA Journal Managing Editor


Podcast Transcript


In the Spring 2021 edition of the
Pennsylvania CPA Journal, our guest today does double duty, authoring both the Accounting & Assurance and Employee Benefit Plans columns on updated accounting standards that are set to impact the way audits are conducted. The pieces, which address SASs 134, 136, 138, and 139, offer insight on key changes and let auditors know what they should be doing right now to get ready for the new standards. For a preview, we are talking to Dr. Nancy Stempin, director of technical accounting at Brown Schultz Sheridan & Fritz in Camp Hill, and an adjunct professor at Fairleigh Dickinson University in Madison, New Jersey.

Can you walk us through the key changes brought about by SAS 134?

[Stempin] Basically, they're the new opinions that we're all going to see in the audit world. There's five key changes.

The first one is the order of the opinion's going to change. Historically, the opinion has actually been in the last paragraph. The look and the feel of these new opinions will change, and the opinion will actually be the first paragraph. Currently, you'd see the report of financial statements, the management responsibility, auditor's responsibility, and the opinion. Going forward, it's the opinion, basis of opinion, key audit matters if that's been determined to be scoped into the engagement, responsibility of management, auditor's responsibility, and other regulatory requirements.

If you hear that, it very much sounds very similar, a lot of the key elements are the same, it's just that order's one of the key things that's going to change.

There are several other changes. Within that basis of opinion paragraph, you're also going to see, basically, that it expressly states that the auditor's required to be independent and ethical. Is that different from today? No. However, what you're going to hear in all the pieces of this opinion is we're going to be more transparent about these comments, so we're going to expressly state that the auditor's independent and ethical.

The third area is the responsibility of management section. In there, we're going to expressly state that the company is going to do an evaluation every year of whether or not they’re going to continue as a going concern. Again, is that different than what we do today? No. But, what's different is we're going to expressly state this. It's a required disclosure in contrast to today, where we only include it if there's a concern.

The fourth area is the responsibility of the auditor. Similar to what we did with the responsibility of the management is the responsibility of the auditor section. Again, we'll talk about the fact that the company has an obligation to assess their ability to continue, but we're going to state here expressly that the auditor has a responsibility to evaluate judgments, risks, estimates, internal control around the evaluation of the conditions that give rise to the company's ability to be a going concern. Again, not a big change, we always did that. It's just the fact that, today, we're going to expressly state that.

The fifth area, which might be a surprise to some, would be the key audit matters. In the new world, which will be next year, we're basically going to say at the beginning of the engagement, do you want to have a key audit matters section in your opinion, at the conclusion of the audit? What would that be? The key audit matters will really be, in the opinion, you potentially could have highlighted by the auditor the key areas of high risk. Such as, in the current environment and COVID, AR. That might be perceived as higher risk. You might talk a little bit about what were the key audit activities you might have done to address those risks. Also, another area of care might be significant judgments. If there was something you did special around legal reserves, or pension assumptions, those might be something that you would put in here. The last section would be any significant events or transactions within the period. That would also be additional procedures you might have done there.

Does it mean we're doing something different than we did today? Not likely. But we're going to express this in the opinion, if in fact we've been engaged to do that.

If we haven't been engaged to put this in the opinion, honestly, this shouldn't change what we do. We should be talking to those charged with governance about our areas of higher risk, significant judgment, and significant events or transactions. A lot of this is around just enhancing the transparency around these kind of items within the opinion itself.

As a result of these changes we also saw some updates to SAS 139. What are the significant alterations there?

[Stempin] I'm going to slip a little between old language and new language, okay? For me, I'm old school, I'm probably always going to call this OCBOA, which is basically the special purpose framework such as cash basis, tax basis, those kind of things.

What SAS 139 says is that for all the changes we made in SAS 134 to the opinion, we're going to do the exact same thing in 139. The only difference is that SAS 139, we're going to put in a paragraph that we're using a special purpose framework.

Similar, again, to what we do today. I'm not seeing a lot of change between 139 and 134, just that paragraph that we would have today around the framework that's being used.

SAS 137: Has there been a change there as a result of this latest issuance?

[Stempin] There is a change here. It's not huge. What this SAS is, historically, we would have put in a supplemental schedule paragraph. If you put together the audit report and, at the back end, you put a couple pages on budget fluctuations or a regulatory page that you might need, this is super common.

SAS 137 says we're going to actually call this other information on a go-forward basis. What it's asking us to do is to actually assess if there's any material inconsistency in what appears in that schedule and what would appear in the financial statements. That's a change from where we are today.

Before, we would have an obligation, we would put in the company's financials. But we didn't necessarily have an obligation to assess whether or not it was materially inconsistent.

Or, if we were aware of any inconsistency of facts, that schedule might show that you sold a building. But, if the financial statements didn't say you sold that building, then basically we'd say that one of them has to change. Those supplemental schedules need to, basically, be consistent with what's in the financials, and there shouldn't be any material inconsistency between the two. That's really what SAS 137 is helping guide us to.

Implementation of these standards is effective December 15th, 2021, so a little bit of time there. What should auditors be doing right now to prepare for that?

[Stempin] I've gone through a few of these, and I suspect you're going to ask me about a few more. But this is actually a suite of standards; there's SASs 134 to 140.

But what I think people really need to be doing now is this is a great opportunity for you to have a conversation with those charged with governance. Whether you're in the company and speaking to those charged with governance, or whether or not you're an auditor speaking to those charged with governance, and I think it's important to include in that conversation not just the people in the company and the auditor, but the bankers and the attorneys, people who are actually going to use these financial statements, so that they understand that these changes are going to happen and they won't be caught off guard.

So if we, all of a sudden, see a statement in here about the management's responsibility to assess their ability to continue to be a going concern, it shouldn't be a red flag. Again, all of what I've talked about is stuff we really did today, it's just really about enhancing the transparency of what we're doing and the like. We just don't want folks to be caught off guard by these changes. One of the key things I'd be doing right now is having conversations with stakeholders, make sure they understand that changes are coming.

The other thing is it's a fabulous opportunity to reflect and say, "Have I been talking about these key audit matters? Whether they appear in the opinions, or whether or not they don't appear in the opinion, am I having conversations with my key stakeholders today, about the key areas of risk, and the key areas of judgment, and what we're doing to assess them." I think that's a great opportunity to have an open discussion and dialogue around these key areas of high risk.

Lastly and more pragmatically, administratively, the auditors may want to be considering drafting these reports in an off time or downtime this year, instead of waiting until the day their effective to put them in. This is one of these great things that you can pull forward a little bit, so that you can start drafting them preliminarily, and start making sure that everybody's aligned on what's going to happen and what the language is going to look like, instead of waiting until the last day.

The key here is have a conversation with those charged with governance in the short term, and then just start planning for the effectiveness of these new standards.

In the area of employee benefit plans, we have SAS 136. What changes will we see as a result of that standard? Which is its effective for formerly limited scope audits for periods ending on or after December 15th, 2020. What's the status there?

[Stempin] SAS 136 was, again, part of that suite that we talked about a little bit earlier. What's happening here is, I would say that the biggest piece is nomenclature.

We used to say a limited scope audit was basically where the auditor might have performed procedures, but however they relied upon the work of somebody else as part of the limited scope requirements. On a go-forward basis, we're going to call that an ERISA Section 103A3C audit, okay?

We're getting rid of that limited scope terminology, and, going forward, everything is going to say an ERISA Section 103A3C audit. I think part of that was around a desire for folks to understand that these employee benefit reports are often triggered by the Department of Labor and ERISA, so these are really in response to those. We're going to be a little bit more explicit in articulating the fact that these are appropriate, and they're covered under the ERISA section.

The other thing that's super key here is, in the past, we would disclaim an opinion. On the go-forward basis, we're removing that disclaimer and we're saying we're going to provide a basis of opinion in accordance with ERISA Section 103A3C.

Maybe this will help you and some of your listeners. We've actually gotten to a place that, when we were in the 1940s, 40% of audits were done this way. We're actually, very recently in a report by the DOL, 80% of all reports will fall into this criteria. This is really the largest portion of what we see out there, of audit reports today. Like I said, the biggest change is really the nomenclature that's being used here.

There's about three or four other areas that I would say probably have changed as well. The second would be very similar to what happened in 134, is the order of the report has changed. The auditor's opinion is now presented earlier, consistent with what we saw in 134, and it appears second after the scope. I think that makes a lot of sense, because the scope in this particular case is so important. Then you're following it immediately with letting the reader know the scope of the project, and then what opinion is associated with it. So, again, the order has been moved around a little bit here.

The ERISA Section 103A3C audit opinion expressly states the amounts and disclosures not covered by the certification are correct, and information related to the certified information agrees to the certification. We're being, again, a little more transparent about what we're doing and what they're reading. Consistent again with 134, we're going to say that the auditor is independent and ethical.

Is that different from where you are today? No. But again, we want to expressly state these kind of things.

There are three other pieces that change a little bit. Which is, within the responsibilities of management section, we're again going to expressly state that the management has done the evaluation about its ability to continue as a going concern, consistent again with 134. That's, of course, in contrast to today, where we don't put it in unless there is a concern.

Finally, within that section, and you're going to see this with the auditor activities, we're going to be a lot more explicit as far as the responsibilities around planned administration and record keeping that are the responsibilities of management. Is that new? No. But, again, we're going to just be more transparent about those kinds of administration record keeping things that are performed by management.

Some changes in responsibility of management statement there, but not a lot of changes in what the actual activities are that we're performing.

The next one would be the responsibility of the auditor. Similar to what was happening with management, we're going to have a conversation, again, in that paragraph about a company's ability to continue as a going concern. That is in contrast to where we are today, where it's only included if there's a concern.

We're also going to expressly state the responsibilities of the auditor around professional judgment, professional skepticism, understanding of internal control, and a communication with those charged with governance. Those things are what auditors are doing every day, but this is around making sure that it's included in the audit report and people understand that.

The last one is somewhat of a bigger item, which is the required opinion on the supplemental schedules. Consistent with 134, we're going to look for basically ... in this case here, we're going to take it a step further and actually provide a required opinion on the supplemental schedules.

We're going to say, "In our opinion, the information on the accompanied schedules is fairly stated in all material respects, in relationship to the financial statements as a whole, and the form and content are presented in conformity with the DOL and ERISA."

We saw this change in 134, around making sure it was consistent with the fact. Now what we're seeing here is that their looking for the auditor to provide an opinion around these supplemental schedules to make sure that they are fairly stated in all material respects.

Those are the key changes that are going to be in this new audit opinion. Believe it or not, it's actually a fair amount of changes.

Not a lot around what we do, just more about what we're saying we do.

This could be a question that maybe it's more my question than the listeners, but if you could explain: We talk a lot about ERISA plans. Are there other types of plans to which this standard would apply?

[Stempin] The ERISA plans that I just spoke about were really what we used to call the limited scope opinions. There's also ERISA plans that are full-scope audits. You might have a full-scope audit where you're not relying on certified information, and, as I said earlier, there's probably about 20% of the plans out there that would potentially fall into that space. Those we might have on a defined contribution 401k plan, or a defined benefit plan potentially.

So in that situation, the nature and the scope section would not include the comments around the ERISA section 103A3C. That piece would be excluded. But all the other sections would effectively be the same.

You would still have an opinion: a basis of opinion. The responsibilities of management would be consistent with what we just talked about. The responsibility of the auditor would be consistent with what we just talked about. Then, it would require the opinion on the supplemental schedule. All of it's very, very similar. What I would really like to highlight here, potentially, is there's some really great examples in the actual language as well.

Similar to what we asked before, what should EBP auditors be doing now to prepare for being compliant to these changes?

[Stempin] SAS 141 delayed the effective date of all of these standards, but I just want to make sure people understand that they can adopt early. I will say, though, that I've not heard of firms taking that approach, so that is one option.

I think the space that most people are in is similar to what I said before. I think it's super important that folks have a conversation with the stakeholders so that they know these changes are coming.

Hopefully, the people who are reading the financials do understand what the ERISA section 103A3C is, but we want to make sure that the stakeholders understand what these new audit opinions are. Or, that these activities and the responsibilities of management and the auditor may not necessarily be different, but rather they understand that these are just expressly stating what it is, in fact, we're doing.

They understand what new activities people are taking on, and what activities have stayed the same. You know, we'd prefer to have people understand what's happening now, versus they get the report and say, "What's all this?"

It's just a great opportunity for folks just to check in with those stakeholders, so be it auditors with clients, clients with auditors, bankers, insurance companies, whoever that world of stakeholders might be for you, and make sure that people are all connected and communicating, and understand what these changes would be.

Administratively, same kind of thing. This is something where you can begin to start working on drafts in downtime, and plan for downtime so that people can effectively use their time and get in front of this, potentially early.

Our conversation here has covered a lot of new standards, a lot of technical information. It seems like, as you've said throughout the piece, some of the changes are more along the lines of language and clarification, as opposed to huge substantive changes. I wonder if there's anything we haven't addressed that may be of importance for the audience to know. Any final thoughts or issues you see with the changes?

[Stempin] I think those are all wonderful changes, and some fabulous thoughts went into them. I can't possibly do them justice in the amount of time that was here, and they have some excellent examples embedded within them, so I really encourage folks to take a look at them. The key is, make sure that the stakeholders know these changes are coming.

The last thing I'd want folks, potentially a banker, to do is read the new language and think there's a going concern issue, when none is present.

Typically, we used to only put that language in when something was wrong.

Now that it appears in the normal language, I would hate for somebody to read them and read it incorrectly. That's why I really do encourage having the conversations earlier.

Same thing with the judgments. Often times, historically, we'd put stuff in when it was bad, not when it was good.

So having and including this stuff around judgments is all about transparency, but I wouldn't want people to perceive there to be a disagreement when none exists.

That's part of the reasons for why I drafted those two pieces: I want folks to be in front of this and looking at them, so you can potentially even take the two articles that you received and share them with your clients, share them with your stakeholders, so that they can begin to understand what the changes are going to look like, and that's for 134.

For the EB audits, again, the key things here is the change in language. What I wouldn't want a reader to think is that a full-scope audit was done when a limited scope was done, just because the language changed.

Even though I no longer want to use that word “limited scope,” but I want folks to really accept and embrace the new language because it's actually correct. I wouldn't want somebody to confuse that with the nature of what the work was that was performed.

Again, I think the focus of all of this is about transparency and trust, and I think that's something we can all get behind. I really support all the work that's been done here. It's really been fabulous.

Leave a comment

Follow @PaCPAs on Twitter
Disclaimer
Statements of fact and opinion are the authors’ responsibility alone and do not imply an opinion on the part of PICPA officers or members. The information contained in herein does not constitute accounting, legal, or professional advice. For professional advice, please engage or consult a qualified professional.