Changes Coming to Your ERISA Employee Benefit Plan Audit

  • Employer strategies
  • 12/1/2021

Key insights

  • The American Institute of Certified Public Accountants (AICPA) issued Statement on Auditing Standards No. 136 (SAS 136) to help strengthen the quality of employee benefit plan audits.
  • Due to COVID-19, the effective date was extended to plan periods ending on or after December 15, 2021 (plan audits performed in 2022).
  • SAS 136 eliminates the DOL limited-scope audit and brings significant changes to the form and content of the auditor’s report.
  • Understand your responsibilities for maintenance and administration of plan documents and provisions.

Get help preparing for your 2021 EBP audit

Talk to an Advisor

In 2015, the Department of Labor (DOL) published a study that found 39% of employee benefit plan audits had one or more major deficiency. Because of these results, the DOL asked the American Institute of Certified Public Accountants (AICPA) to initiate a project to help strengthen the quality of employee benefit plan audits and enhance auditor reporting.

In response to the DOL’s request, the AICPA issued Statement on Auditing Standards No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (SAS 136), in July 2019. SAS 136 was originally scheduled to be effective for plan periods ending on or after December 15, 2020. However, in May 2020, the AICPA issued Statement on Auditing Standards No. 141, which allowed a one-year delay and deferred the effective date to plan periods ending on or after December 15, 2021 (plan audits performed in 2022) due to the difficulties imposed by COVID-19. Early adoption of SAS 136 was permitted.

SAS 136 significantly changes the way auditors are required to audit and report on employee benefit plans subject to the Employee Retirement Income Security Act (ERISA). It is intended to enhance the quality of audits, clarify reporting requirements, and increase the transparency of the auditor’s report.

SAS 136 includes new requirements for auditors, including engagement acceptance, audit risk assessment and response, communications with governance including reportable findings in writing, procedures for an ERISA Section 103(a)(3)(C) audit, and considerations relating to Form 5500.

Things to consider before your audit

SAS 136 also addresses management’s responsibilities. In preparation for your plan audit — even before an auditor accepts the engagement — you need to understand your responsibility for:

  1. Maintaining a current plan instrument, including all plan amendments
  2. Administering and determining if plan transactions presented and disclosed in the plan’s financial statements are in conformity with plan provisions
  3. Maintaining sufficient records on each participant to determine benefits currently due or that may become due
  4. Providing your auditor with a substantially completed draft Form 5500, including forms and schedules that could have a material effect on the plan, qualitative and quantitative considerations on the information in the financial statements, and ERISA-required supplemental schedule, prior to the dating of the auditor’s report

What to expect during your audit

One of the most significant changes from implementation of SAS 136 will be the elimination of the DOL limited-scope audit. Under the previous audit standards, when performing a limited-scope audit, your auditor has been required to issue a disclaimer of opinion because the certified investment information was not audited. Limited-scope audits are permitted under ERISA code section 103(a)(3)(C) and therefore, under SAS 136, these audits will now be referred to as “ERISA Section 103(a)(3)(C).” This is no longer considered a scope limitation but rather it permits the auditor to issue a form of an unmodified opinion. Under SAS 136, if you elect to do an ERISA Section 103(a)(3)(C) audit, you will need to provide your auditor with additional management representations acknowledging three key points:

  1. An ERISA Section 103(a)(3)(C) audit is permissible
  2. The entity preparing and certifying the investment information is qualified to do so (required to be a bank, trust company, or insurance company)
  3. The certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework

SAS 136 also brings significant changes to the form and content of the auditor’s report included in the plan’s financial statements. With SAS 136, your auditor will not disclaim an opinion, but will instead provide a new, two-pronged opinion unique to ERISA employee benefit plan audits stating:

  1. Whether the information not covered by the certification is presented fairly
  2. Whether the certified investment information in the financial statements agrees to or is derived from the certified investments statements

Additionally, your auditor will consider certain plan provisions that affect the risk of material misstatement (e.g., whether the eligibility provisions were met for employees to participate in the plan and receive contributions). After testing plan provisions, the auditor will evaluate the results and communicate in writing reportable findings that are significant and relevant to those charged with governance.

How we can help

It is important to understand the new requirements and how they will impact your plan audit. CLA’s employee benefit plan professionals are staying on top of these new rules. With proper planning, preparation, and communication, you and your auditor can make the process as efficient as possible.

Experience the CLA Promise