The AICPA Auditing Standards Board (ASB) issued a new opinion and reporting standard for employee benefit plan audits. SAS No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans, addresses the auditor’s responsibilities to form an opinion on the financial statements in addition to the form and content of the report issued as a result of an audit of the financial statements. The requirements were mainly in response to concerns from the Department of Labor (DOL).1 SAS No. 136 was released in July 2019, and is effective for audits of Employee Retirement Income Security Act (ERISA) plan financial statements for periods ending on or after Dec. 15, 2021, and early implementation is permitted.
The new standard has targeted enhancements to communicate the value and improve transparency of the auditor’s report for ERISA plan financial statements. The standard also covers changes to engagement acceptance, audit risk, communication with those charged with governance, management representations, considerations for filing Form 5500, and reporting on ERISA-required supplemental schedules. This column focuses on how to help prepare financial statement users for the depth and breadth of changes and to outline what users may want to be doing now to prepare.
ERISA generally requires every plan with more than 100 participants to obtain an audit of its financial statements each year. Traditionally, there were two types: full-scope and limited-scope audits. The objective of ERISA plan audits (formerly full-scope audits) is to express an opinion on the financial statements in accordance with generally accepted accounting principles (GAAP). ERISA Section 103(a)(3)(C) permits plan administrators to exclude from the audit any plan assets held by a bank or similar institution or insurance carrier regulated by a state or federal agency. This exclusion was formerly referred to as a limited-scope audit. SAS No. 136 now refers to this as an ERISA Section 103(a)(3)(C) audit. The rationale for the reduction in scope is due to existing governmental and regulatory audit procedures performed on these values. Per the DOL, the number of historical limited-scope audits has gone from 48% in 2001 to 83% in 2013.2 Due to that growth, this column focuses on the changes within the limited-scope opinion.
Areas of Change
Six key areas of change specific to ERISA Section 103(a)(3)(C) auditor’s reports are as follows:
• The limited-scope audit is now called an ERISA Section 103(a)(3)(C) audit.
• The order of the report has changed. The auditor’s opinion is to be presented earlier, appearing as the section after the scope and nature paragraphs of the report. The scope and nature expressly state that management has elected to have the audit performed in accordance with ERISA Section 103(a)(3)(C) and obtained the certification from a qualified institution.
• The Opinion section expressly states that amounts and disclosures not covered by the certification are presented fairly and the information related to the certified information agrees to or is derived from the certification. Additionally, it states that the auditor is independent and has met ethical responsibilities.
• The Responsibilities of Management for the Financial Statements section states the requirements of management, including the evaluation of conditions and events that might give rise to substantial doubt about the plan’s ability to continue as a going concern. It is now a required disclosure; previously it was included only if there was an issue. In addition, there are more explicit responsibilities around plan administration and recordkeeping.
• The Auditor’s Responsibilities for the Audit of the Financial Statements section states the requirements of the auditor in the evaluation of conditions and events that might give rise to questions about the plan’s ability to continue as a going concern. It, too, is now a required disclosure. Also, the responsibilities around professional judgment, professional skepticism, understanding internal control, and communication with those charged with governance are now expressly stated obligations.
• Other Matter – Supplemental Schedules Required by ERISA requires the auditor to provide a second opinion similar to what is on the ERISA-Required Supplemental Schedule(s), but this second opinion is over the form and content of supplemental schedules.
ERISA Audit (Full-Scope) Opinions
For an ERISA plan audit, the opinion was modeled after the changes in the new SAS No. 1343. There are two key areas of difference. The first is more explicit responsibilities in the Responsibilities of Management for the Financial Statements section around plan administration and record keeping. The second is the inclusion of the Other Matter – Supplemental Schedules Required by ERISA section, which requires an opinion on the supplemental schedules.
What Should Auditors Be Doing?
A focus of DOL’s reports was a need to enhance compliance through further training. That is a good place to start. In addition, auditors should begin processes to implement the other broader changes of the standard, such as engagement acceptance, audit risk, communication with the users and those charged with governance, management representations, considerations for filing Form 5500, and reporting on ERISA-required supplemental schedules.
1 Advisory Council on Employee Welfare and Pension Benefit Plans, Advisory Council Report on Employee Benefit Plan Auditing and Financial Reporting Models, Department of Labor (2010).
2 Assessing the Quality of Employee Benefit Plan Audits, Department of Labor (2014).
3 SAS No. 134, Auditor Reporting and Amendments, Including Amendments Addressing Disclosures in the Audit of Financial Statements (May 2019).
Nancy J. Stempin, CPA, CGMA, CIDA, is director of technical accounting at Brown Schultz Sheridan & Fritz, headquartered in Camp Hill, as well as an adjunct professor at Fairleigh Dickinson University in Madison, N.J. She can be reached at email@example.com.