By Roland J. O’Brien, CPA

Statements on Auditing Standards Nos. 134-140 significantly changed the content and appearance of the auditor’s report for Employee Retirement Income Security Act (ERISA) Section 103(a)(3)(C) audit engagements, formerly known as limited-scope audits. The new standards increase plan management’s and the plan auditor’s responsibilities for determining whether an ERISA Section 103(a)(3)(C) engagement is permissible.

Plan Management’s Responsibilities

Among other requirements, plan management must now determine whether the investment information is prepared and certified by a qualified institution, the certification meets the requirements in 29CFR 2520-103-5, the certification is signed by an authorized person, and the certification states that the investment information is complete and accurate.

The most significant impact of the new standards relates to plan management’s responsibility for certified investment information. Plan management is responsible for obtaining the certification and reading it. Plan management must also determine if the certified investment information included in the financial statements is appropriately measured, presented, and disclosed in accordance with the applicable financial statement reporting framework.

Plan Auditor’s Responsibilities

The plan auditor also has increased responsibility. At the engagement-acceptance level, the auditor is required to inquire how plan management determined the certifying entity is a qualified institution under Department of Labor (DOL) regulations and that the certifying entity is qualified to issue a certification. The auditor is also required to obtain a copy of the certification from plan management; read it; identify which investments are certified; compare the certified investment information with the financial records, financial statements, and ERISA-required supplemental schedules; and read the disclosures related to the certified investment information to see that it is in accordance with the presentation and disclosure requirements of the applicable financial reporting framework. The auditor is also required to obtain additional representations from plan management regarding its responsibilities when electing an ERISA Section 103(a)(3)(C) audit.

Certification Deviations

There are times when certification contains deviations from the DOL regulations. These may include, but are not limited to, when the certification is not from a qualified certifying institution; it does not state both accuracy and completeness; the investments are not held by a qualifying institution; certain investments have been excluded or are included improperly; and the certification does not cover the period of the financial statements and the information is incomplete or incorrect. It may be determined that ERISA Section 103(a)(3)(C) is not permissible under the circumstances; a full-scope audit then would be performed.

Instances when certifications are obtained for master trusts or certifications are provided by entities acting as agents for the qualifying institution would require additional analyses.

Certification Analyses

Plan management and the plan auditor are not without resources to assist them in fulfilling their responsibilities for determining if an ERISA Section 103(a)(3)(C) audit is permissible, the certification is from a qualified institution, it is proper in its form and content, and the investment information is properly measured, presented, and disclosed. The AIPCA Employee Benefit Plan Audit Quality Center has several advisories and tools to assist both plan management and plan auditors with addressing and documenting their conclusions.

To learn more about certifications and ERISA Section 103(a)(3)(C) audits, attend the 2022 PICPA Employee Benefit Plans Conference on May 17, 2022, where O'Brien will present “Deja Vu Again: Revisiting Qualified Institution Certifications.” 

Roland J. O’Brien, CPA, is director of the national assurance technical group at CliftonLarsonAllen LLP in Plymouth Meeting, Pa., and is a member of PICPA’s Employee Benefit Plans Thought Leadership Committee. He can be reached at roland.obrien@claconnect.com.

Sign up for weekly professional and technical updates from PICPA's blogs, podcasts, and discussion board topics by completing this form.