New Auditing Standard – SAS 136 will Impact Employee Benefit Plan Audits
The American Institute of Certified Public Accountants (AICPA) issued a new audit standard for employee benefit plans in July 2019. The new standard is commonly referred to as SAS 136 but its official name is Statement on Auditing Standards (SAS) No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to the Employee Retirement Income Security Act of 1974 (“ERISA”).
The standard was delayed a year due to COVID 19, however, firms could early adopt if they chose. The auditing standard is effective for plan years ending after December 15, 2021.
The auditing standard requires new performance requirement for auditors and changes the audit opinion for employee benefit plan audits. The standard was issued to improve audit quality and also enhance the communicative value and transparency of the auditor’s report. The auditors will see new requirements as it relates to engagement acceptance, risk assessment, specific procedures related to ERISA plan audits, communicating reportable findings and a new opinion. Plan management can also expect to see expanded responsibilities as well.
Prior to the auditor performing the audit, the auditor will request management, through the engagement letter, to acknowledge that they are maintaining a current plan instrument, including amendments, administering the plan and making a determination that plan transactions conform with plan provisions, maintaining participants records to determine benefit due and providing the auditor with a draft of Form 5500 that is substantially complete prior to the auditor issuing their auditor’s report
The limited scope audit will have a new name-ERISA section 103(a)(3)(c ) audit. The auditor will no longer issue a disclaimer opinion, but rather an ERISA section 103(a)(3)(c ) opinion. Plan certifications will still be obtained, however, plan management will need to determine if the certification meets the requirements of the Department of Labor (“DOL”). Plan management will need to determine the following: if an ERISA Section 103(a)(3)(c ) audit is permissible; the investment information is prepared and certified by a qualified institution, the certified investment information is appropriately measured, presented, and disclosed in the applicable financial reporting framework (such as GAAP, modified cash basis, etc.) The auditor is required to inquire of management about how management determined the certifying entity is a qualified institution. The plan auditor will also need to obtain from plan management representations at the conclusion of the audit stating that management has provided the auditor with the most current plan instrument, including plan amendments and management acknowledges its responsibility for administering the plan and determining that the plan’s transactions that are presented and disclosed in the financial statements are in conformity with the plan’s provisions, and maintaining sufficient records with respect to each of the participants to determine the benefits due.