In 2015, the Department of Labor (DOL) published a study that found 39 percent of employee benefit plan audits had one or more major deficiency. Because of these results, the DOL asked the American Institute of Certified Public Accountants (AICPA) to initiate a project to help strengthen the quality of employee benefit plan audits and enhance auditor reporting.
In response to the DOL’s request, the AICPA recently issued Statement on Auditing Standards Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (SAS). This standard significantly changes the way auditors will audit and report on employee benefit plans subject to the Employee Retirement Income Security Act (ERISA).
The current version of the SAS is in final balloted draft form, pending amendments from the Auditor Reporting Statement on Auditing Standards. The AICPA is expected to finalize the standard sometime in the first half of 2019.
The SAS includes new requirements for auditors, including engagement acceptance, audit risk assessment and response, communications with governance, procedures for an ERISA section 103(a)(3)(C) audit, and considerations relating to Form 5500. When issued, the SAS effective date is expected to be no earlier than for financial statement audit periods ending on or after December 15, 2020.
Things to consider before your audit
In preparation for your plan audit — even before an auditor accepts the engagement — you need to understand your responsibility for:
- Maintaining a current plan instrument
- Administering and determining if plan transactions are presented and disclosed in the plan’s financial statements in conformity with plan provisions
- Maintaining sufficient records on each participant
If you elect to do an ERISA section 103(a)(3)(C) audit, previously referred to as a limited-scope audit, you will need to provide your auditor with additional management representations acknowledging three key points:
- An ERISA section 103(a)(3)(C) audit is permissible
- The entity preparing and certifying the investment information is qualified to do so
- The certified investment information is appropriately measured, presented, and disclosed
You will also need to provide your auditor with a completed draft of the plan’s Form 5500. The draft should include forms and schedules that could have a material effect, qualitative and quantitative considerations on the information in the financial statements, and ERISA-required supplemental schedules. The auditor will need this draft before they can date their report.
What to expect during your audit
When performing a limited-scope audit under current audit standards, your auditor is required to issue a disclaimer of opinion because the certified investment information was not audited. With this new SAS, your auditor won’t disclaim an opinion, but will instead provide a new, two-pronged opinion unique to ERISA employee benefit plan audits:
- Whether the information not covered by the certification is presented fairly, and
- Whether the certified investment information in the financial statements agrees to or is derived from the certified investment statements.
Additionally, your auditor will consider certain plan provisions that affect the risk of material misstatement (e.g., whether the eligibility provisions were met for employees to participate in the plan and receive contributions). After testing plan provisions, the auditor will evaluate the results and communicate in writing reportable findings that are significant and relevant to those charged with governance.
How we can help
While the effective date of this SAS is unknown at this time, it’s important to know the requirements and how they will impact your plan audit. CLA's employee benefit plan professionals will stay on top of these new rules as the AICPA works to finalize the SAS. With proper planning, preparation, and communication, you and your auditor can make the process as efficient as possible.