In July 2019, the AICPA Auditing Standards Board (ASB) issued Statement on Auditing Standards (SAS) No. 136, which addresses certain new performance and reporting requirements for audits of employee benefit plans subject to ERISA, while also providing transparency regarding the nature and scope of these audits. The SAS includes new requirements in all phases of an ERISA audit including engagement acceptance, risk assessment and response, communication with those charged with governance, performance procedures, and reporting.
Under SAS No. 136, audits previously referred to as “limited scope audits” will now be referred to as “ERISA section 103(a)(3)(C) audits.” The audit opinion of an ERISA section 103(a)(3)(C) audit will no longer include a scope limitation; rather the report will include information on the procedures performed on both certified and noncertified information as well as a new basis for opinion section.
The new language in the audit report will provide better clarity regarding management’s responsibility and the auditor’s responsibility, as well as providing an opinion on the financial statements in the case of ERISA Section 103(a)(3)(C) audits. These changes should alleviate the concerns and misunderstandings regarding the value of the extent of work that is required in an EBP-specific limited scope audit.
The new standard also includes additional responsibilities for plan management, which will be included in the audit engagement letter as well as the management representation letter. Such responsibilities include the following:
- Maintaining a current plan document, including all plan amendments;
- Maintaining sufficient records for plan transactions for assessing the certification letter issued by the plan’s custodian or trustee;
- Furnishing to their auditors a substantially complete draft Form 5500 prior to dating the audit report; and
- Providing any additional support and review to reconcile any reportable findings from the auditor.
Furthermore, the SAS includes a requirement that the auditor communicate, in writing, reportable findings, including identified or suspected noncompliance, to plan management and those charged with governance.
The effective date of this standard is for Plan financial statements for periods ending on or after December 15, 2021. As such, SAS No. 136 will apply to Plan audits for the year ending December 31, 2021.
To learn more about Johnson O’Connor’s Employee Benefit Plan Audit services, visit our website.