Employee Benefit Plan Audits
In our February newsletter, we discussed changes coming to audits of employee benefit plans as a result of the American Institute of Certified Public Accounts (AICPA) issuing Statement on Auditing Standards (SAS) No. 136 - Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to Employee Retirement Income and Security Act of 1974 (ERISA). This standard is effective for audits of ERISA plan financial statement periods ending on or after Dec. 15, 2021. The standard establishes new performance and reporting requirements specific to ERISA plan financial statement audits. While most of the changes are new requirements for plan auditors, plan administrators should be prepared for how the changes impact management’s responsibilities for audits of employee benefit plans being performed in 2022.
Section 103(a)(3)(C) of ERISA allows plan administrators to elect to instruct the auditor not to perform any additional procedures with respect to the investment information prepared and certified by a qualified institution (bank or similar institution or by an insurance company that is regulated, supervised, and subject to periodic examination by a state or federal agency). This type of audit was previously known as a “limited scope” audit with a disclaimer of opinion issued by the auditor. Under the new standard, the auditor will no longer issue a disclaimer of opinion, but instead will issue a two-pronged opinion that is based on the audit and on the procedures performed relating to the certified investment information.
When management elects to have an ERISA Section 103(a)(3)(C) audit, it is the responsibility of the plan administrator to determine whether the conditions for electing an ERISA Section 103(a)(3)(C) audit, as set forth in ERISA and the Department of Labor (DOL)’s rules and regulations, have been satisfied. The auditor will ask plan management how they determined the conditions to elect an ERISA Section 103(a)(3)(C) audit have been met.
As part of the auditor’s acceptance of the audit engagement, management is responsible for acknowledging the following:
- that management is maintaining a current plan instrument, including all plan amendments
- administering the plan and determining that the plan’s transactions that are presented and disclosed are in conformity with the plan’s provisions, including maintaining sufficient records with respect to each participant
- when management elects to have an ERISA Section 103(a)(3)(C) audit, determining whether:
- this type of audit is permissible. (Management should review what is covered by the certification and whether the certifying institution and certification comply with DOL rules and regulations before concluding whether an ERISA Section 103(a)(3)(C) audit is permissible.)
- the investment information is prepared and certified by a qualified institution as described in 29 CFR 2520.103-8. (Note that broker dealers and investment companies are not qualified institutions; however, some of those institutions may have established separate trust companies that could meet the requirements to be a qualified institution.)
- the certification meets DOL requirements in 29 CFR 2520.103-5. (The certification is in writing, signed by a person authorized to represent the qualified institution, includes the name of the Plan, the period covered, and the institution must certify both the accuracy and completeness of the investment information. Certifications that address only the accuracy or completeness, but not both, do not comply with the DOL’s regulation.)
- the certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework. (Plan investments generally are presented at fair value in accordance with Financial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) 820, Fair Value Measurement.)
If certain investments are excluded from the certification, those assets would not be eligible for the ERISA Section 103(a)(3)(c) audit election, and the plan administrator is responsible for engaging the auditor to perform audit procedures on those investments.
At the conclusion of the audit, the auditor will obtain certain written management representations regarding these responsibilities. In addition, plan management will need to provide the auditor with a draft Form 5500 prior to the auditor dating the auditors’ report, in order to identify any material inconsistencies that may require the Form 5500 or plan financial statements to be revised.
If you have any questions surrounding the new standard or about employee benefit plan audits, please reach out to Betsy.
By Elizabeth “Betsy” Wadsworth, CPA