New Auditing Standards for Employee Benefit Plan Audits

As you may be aware, a new suite of Statements on Auditing Standards (SAS), primarily SAS 136, have been issued that impact the audits of employee benefit plans. These new standards are effective for periods ending on or after December 15, 2021 and will change some of the procedures we perform as well as change the look of the auditor’s report.

The goal of the new SASs is to enhance the quality of plan audits that are subject to the Employee Retirement Income Security Act of 1974 (ERISA) by prescribing certain procedures required to be performed in the audit. The new SASs also look to add transparency to the nature and scope of ERISA benefit plan audits as presented in the auditor’s report.

Changes to Audit Reports, Engagement Letters and Other Communications
The new SASs clarify the responsibilities of plan management and auditors. Certain of these responsibilities are now included in the auditor’s report, engagement letters and required communications.

The auditor’s responsibilities that are now disclosed in the auditor’s report include professional judgements, professional skepticism and the auditor’s communication with those charged with governance. Management’s responsibility for the assessment of going concern and the auditor’s responsibility over management’s assessment is also now included in the auditor’s report, when applicable.

In addition, management’s responsibility to maintain a current plan instrument, administer the plan, maintain sufficient records for plan transactions and benefits, and their responsibility for the financial statements will be stated in the engagement letter.

The overriding goal of these changes is to clarify each party’s role and responsibility throughout the audit process and formalize certain procedures that in the past were sometimes left to auditor’s judgement.
Under the new standards, plan sponsors can expect to see a more thorough auditor’s report. The new SASs will change how auditors report their findings to those charged with governance. In addition to communicating deficiencies in internal control, auditors will now also be required to communicate reportable findings in writing to those charged with governance.

Changes to Audit Procedures and Documentation
The new SASs implement changes that affect multiple aspects of an ERISA plan audit, including engagement acceptance, risk assessment and response, communication with those charged with governance, and performance procedures and reporting.

Some of the most notable changes include:

  • Prescribes certain performance requirements on ERISA plan audits
  • If a plan sponsor elects an ERISA Section 103(a)(3)(C) – formerly known as a limited scope audit – management must affirm that this is permissible and that the qualified institution can certify the investment information
  • Management must provide to the auditor a substantially complete Form 5500 draft before issuance of the auditor’s report
  • The auditor must communicate reportable findings in writing to those charged with governance

Change in Limited Scope Audits
Before the issuance of the new SASs, plan sponsors could elect to have a limited scope audit performed, which excludes certain audit procedures over investments and investment income that are certified by a qualified institution as complete and accurate. The new SASs eliminate the limited scope moniker and replace it with an ERISA Section 103(a)(3)(C) audit. While this new audit is similar to what was known as a limited scope audit, it does include heightened reporting requirements.

This summary of changes is intended to provide information to assist you in preparing for your plan audit. If you have any questions or would like additional information, please contact us.