In July 2019, the AICPA ASB issued SAS 136 “Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA”. This standard was released for various reasons:
- Clarify the audit requirements for engagement acceptance
- Clarify audit risk assessment and response relating to plan provisions
- Clarify communication of reportable findings to those charged with governance to provide improve the usefulness and transparency of the auditors’ reports on employee benefit plans
- Clarify responsibilities relating to the ERISA-required supplemental schedules
The effective date for SAS 136 is for periods ending on or after December 15, 2020, and early adoption is not permitted. This SAS is only applicable to audits of ERISA plan financial statements.
While the below is simply a summary of the new SAS, the standard can be found here .
SAS 136 will likely not require a substantial amount of additional work that auditors were not already performing, it will cause significant changes to form and presentation of the financial statements (specifically, the auditor’s report).
In addition to the requirements already established, auditors must obtain the agreement from management of the plan that management accepts and understands its responsibility to maintain a current plan instrument and to administer the plan in conformity with the plan’s provisions. Further, one of the biggest changes is that the terminology “limited-scope audit” has been replaced with “ERISA Section 103(a)(3)(C) audit”, and management must determine whether such audit is permissible (in other words, the investments are properly certified). The auditor should also inquire with management as to how they determined the certification was qualified. If there is any question regarding whether the investments are properly certified, this should be discussed with plan management prior to performing the audit. The auditor should receive written representations from management stating that the above has been performed.
Further, the certified information must agree with the information presented on the plan’s financial statements and audit procedures must be performed on all items not covered by the certification. Specifically, SAS 136 mentions that contributions and benefit payments should be tested to ensure that the amounts reported were determined in accordance with the plan provisions.
Audit Risk Assessment and Responses
SAS 136 clarifies that the auditor should read the most recent plan instrument for the audit period and consider the plan’s provisions when assessing the risk of material misstatement. Further, when the auditor is performing risk assessment procedures, the relevant plan provisions that could affect the risk of material misstatement should be considered. Consideration must also be given to the plan’s tax status (i.e. whether discrimination or other IRC compliance tests were performed), and whether any prohibited transactions occurred that are required to presented in supplemental schedules to the financial statements.
In instances where the auditor identifies items that are not in accordance with the plan instrument, the auditor must evaluate if it is a reportable finding (i.e. noncompliance with laws, items relevant to those charged with governance, or a deficiency in internal control), and document the considerations to make that conclusion.
Communication with Those Charged with Governance
Based on the evaluation of the items mentioned in the paragraph above, written communication should be made to those charged with governance describing the finding as well as the potential effects of the findings. No written communication is required if no reportable findings were identified.
Possibly the biggest change made by SAS 136 is the form of the auditor’s report. The auditor must conclude whether they have obtained reasonable assurance that the financial statements are free from material misstatements (specifically, accounting policies must be properly applied, estimates are reasonable, disclosures are adequate, and the information is relevant, reliable, comparable, and understandable.)
For audits that are not ERISA Section 103(a)(3)(C) audits (formerly referred to as limited-scope audits), SAS 136 explicitly states the following must exist on the audit report:
- Opinion: SAS 136 describes the order of the auditor’s report, and the exact form of the opinion. The first section of the report must be titled “Opinion”, and the opinion should identify the plan, state that the plan is an employee benefit plan subject to ERISA, and state that the financial statements have been audited. The opinion should also identify the title of each statement within the financial statements, refer to the notes, and specify the dates covered by the financial statements.
- Basis for Opinion: The second section should be titled “Basis of Opinion”, and must state that the audit was conducted in accordance with GAAS, and include a statement that the auditor is independent and meets required ethical responsibilities, and whether the auditor believes that have obtained information sufficient to provide a basis of opinion.
- Responsibilities of Management for the Financial Statements: The report should include a section describing the responsibilities of management for the preparation of the financial statements, the design, implementation, and maintenance of internal controls, maintaining a current plan instrument, and administering the plan in accordance with the plan’s provisions.
- Auditor’s Responsibilities for the Audit of Financial Statements: This section must state the objective of the auditor to obtain reasonable assurance regarding whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and issue an auditor’s report that includes the auditor’s opinion. It must also state that absolute assurance is not a guarantee to detect material misstatements, and that the risk of not detecting a material misstatement due to fraud is higher than one resulting from error as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. Misstatements are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users made on the basis of these financial statements.
- Supplemental Schedules: The auditor must report on whether the supplemental schedules are fairly stated and presented in conformity with the ERISA requirements.
- For audits that are ERISA Section 103(a)(3)(C) audits (formerly referred to as limited-scope audits), SAS 136 explicitly states the following must exist on the audit report:
- Scope and Nature of the ERISA Section 103(a)(3)(C) Audit: This is the required title of the first section of the auditor’s report, and it must identify the plan and State that the auditor performed an audit of the financial statements of an employee benefit plan subject to the Employee Retirement Income Security Act of 1974 (ERISA), as permitted by ERISA Section 103(a)(3)(C) (ERISA Section 103(a)(3)(C) audit. Further, it must include all items described in the “Opinion” paragraph above for non-ERISA Section 103(a)(3)(C) Audits. Additionally, it must state that management, has elected to have the audit of the plan’s financial statements performed in accordance with ERISA Section 103(a)(3)(C) pursuant to 29 CFR 2520.103-8 of the Department of Labor’s Rules and Regulations for Reporting and Disclosure under ERISA, and, as permitted by ERISA Section 103(a)(3)(C), the audit does not extend to any statements or information related to assets held for investment of the plan by a bank or similar institution or insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency, provided that the statements or information regarding assets so held are prepared and certified to by the bank or similar institution or insurance carrier in accordance with 29 CFR 2520.103-5 of the Department of Labor’s Rules and Regulations for Reporting and Disclosure under ERISA (qualified institution). Lastly, it must state that management has obtained a certification from a qualified institution for the specified dates, and for the period ended date, stating that the certified investment information, as described in the notes to the financial statements is complete and accurate.
- Opinion: The second section should be titled “Opinion” and should state that the opinion should only cover the information not included in the certification.
- Basis of Opinion: The next section should refer to the auditor’s responsibilities under GAAS, and state that the auditor is independent and has obtained information sufficient and appropriate to provide a basis for the ERISA Section 103(a)(3)(C) audit opinion.
- Responsibilities of Management for the Financial Statements: This includes the same information as non-ERISA Section 103(a)(3)(C) audits, however, should also state that such an election does not affect management’s responsibility for the financial statements.
- Auditor’s Responsibilities for the Audit of Financial Statements: This section is also the same as non-ERISA Section 103(a)(3)(C) audits, with the exception that it must state that it excludes the items in the Scope and Nature of the ERISA Section 103(a)(3)(C) Audit section. It must also state the objective of the ERISA Section 103(a)(3)(C) audit is not to express an opinion about whether the financial statements as a whole are presented fairly, in all material respects, in accordance with the applicable financial reporting framework.
- Other Matter — Supplemental Schedules Required by ERISA: This new standard also requires a specific section regarding the supplemental schedules, the periods they cover, and the various responsibilities of management as well as the auditor regarding the presentation of such information.
Other Requirements of SAS 136
SAS 136 also has various other requirements. One such requirement is to read and identify the draft of the Form 5500 to determine if there are any material inconsistencies between the financial statements and the Form 5500 that would require a modified opinion.
Further, required procedures for comparative financial statements are addressed, such as evaluating whether the financial statements have been presented in accordance with relevant requirements, and whether the amounts agree to prior period financial statements or have been restated. It also specifies procedures related to unaudited prior periods or prior periods audited by a different auditor.
Written by Adam Shaker