Employee benefit plan sponsors and auditing firms are preparing to adopt Statement on Auditing Standards (SAS) No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to the Employee Retirement Income Security Act of 1974 (ERISA). The new standard addresses certain new performance and reporting requirements for audits of employee benefit plans (EBPs) subject to ERISA and makes several changes to the auditor’s report.
Plan sponsors should take some time to understand SAS 136 and its impact on the employee benefit plan audit process.
- Most audit firms have not elected early adoption of SAS 136, so changes will be effective for employee benefit plan audits of years ending after December 15, 2021.
- The new standard codifies many of the best practices that have always been a part of a quality employee benefit plan audit.
- Next steps include familiarizing yourself with management’s new responsibilities, which include reviewing your Form 5500 and your third-party administrator’s certification.
Overview of SAS 136
The aim of SAS 136 is to clarify each party’s roles and responsibilities throughout the audit process, enhance the quality of EBP audits, improve audit transparency, and enhance the auditor reporting model.
The standard creates new requirements for all phases of EBP audits, including audit procedures, communications, and reporting.
The original effective date of SAS 136 was for Plan years ending on or after December 15, 2020. However, due to the COVID-19 pandemic, the ASB delayed the effective date to Plan years ending on or after December 15, 2021. Although audit firms may choose to adopt the new standard this year, Holtzman has not elected early adoption.
In practice, Holtzman’s audit process is not expected to change significantly as a result of the adoption of this standard. Plan Sponsors will receive the same thorough audits and quality service they are used to receiving.
What changes can plan sponsors expect?
Much of the new standard addresses auditor focus areas which might not directly impact the Plan sponsor, such as engagement acceptance considerations and the auditor’s risk assessment and response. However, the standard also clarifies certain plan management responsibilities and requires some of these responsibilities to be addressed in the auditor’s report and other required communications.
Here are a few of the more visible changes Plan management can expect post-SAS 136 adoption.
Changes to audit opinion
In the past, plan sponsors could elect to have their auditors perform a limited scope audit, which excluded certain audit procedures over investments and investment income, as long as a qualified institution certified it as complete and accurate.
SAS 136 eliminates limited scope audits, replacing them with ERISA Section 103(a)(3)(C) audits for plans with certified trust reporting.
Changes to communication of control matters
SAS 136 also requires auditors to communicate “reportable findings” in writing to those charged with governance. “Reportable findings” under SAS 136 are similar to internal control matters previously communicated as material weaknesses and/or significant deficiencies the auditor, but are defined as one or more of the following:
- An identified instance of noncompliance or suspected noncompliance with laws or regulations.
- A finding arising from the audit that is, in the auditor’s professional judgment, significant and relevant to those charged with governance regarding their responsibility to oversee the financial reporting process.
- An indication of deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention.
Auditor judgment, professional skepticism, and communicating with those charged with governance have always been a part of Holtzman’s employee benefit plan audits.
Changes to management’s responsibilities
Management must affirm the appropriateness of certified investment information and provide a substantially complete Form 5500 draft to the auditor prior to report issuance. In order to qualify as a Section 103(a)(3)(C) audit, plan sponsors have responsibility for:
- Assessing whether the entity issuing the certification is a qualified institution
- Ensuring the certification meets ERISA requirements and gaining an understanding of which investments and disclosures are certified
- Acknowledging, in writing, that all the conditions are met and that an ERISA section 103(a)(3)(C) audit is appropriate.
Current action items for 2021 EBP audits
Plan sponsors should begin discussing the upcoming changes with their audit team and prepare to fulfill their new responsibilities. In the meantime, some steps you can take to prepare include:
- Understand the expanded scope of management’s responsibilities, including maintaining a copy of the current plan document and amendments, ensuring plan transactions are consistent with plan provisions, and maintaining sufficient records.
- Review your third-party administrator’s certification to ensure it allows your audit firm to perform an ERISA Section 103(a)(3)(C) audit.
- Evaluate the quality of your current EBP audit. Is your current audit firm prepared to meet the increased responsibilities required on future plan audits? SAS 136 is designed to bring clarity and conformity to the EBP audit industry and audit firms without experience and expertise in EBP audits may struggle to fully comply. SAS 136 codifies many of the best practices that Holtzman has followed for years.
Holtzman’s team of Audit & Assurance professionals can help meet your employee benefit plan’s annual audit and filing requirements and work to protect the plan’s integrity. As an AICPA Employee Benefit Plan Audit Quality Center Member, we audit 100+ plans representing more than 160,000 participants and plan assets over $4.3 billion. Our goal is to provide value throughout the employee benefit plan process, help to identify risk areas, and put best practices into place to support your business. Learn more about our full suite of employee benefit plan services and get in touch today!
- Auditing Standards: Why You Should Get Ready for SAS 136
- Form 5500 Requirements: What is the auditor’s responsibility?
- Audit Management Letters: What You Need to Know About These Findings
- Common 401K Errors: Untimely Remittances of Employee Contributions
- Common 401K Errors: The Importance of Accurate Employee Census Data
- Employee Benefit Plan Audits: A Deep Dive
- Make Sure Your Annual Census Report Is Accurate
- Full-scope vs. Limited-scope Audits