In July 2019, the AICPA Auditing Standards Board issued the Statement on Auditing Standards (SAS) 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefits Plans Subject to the Employee Retirement Income Security Act of 1974 (ERISA). The SAS addresses an auditor’s responsibility for the topic included in the title, along with the form and content of auditor’s reports issued as a result of audits of ERISA plan financial statements.

The SAS aims to enhance the transparency and usefulness of communications included in the auditor’s report for ERISA plan financial statements. Changes will be made relating to audits previously referred to as “limited scope” audits, Form 5500, communications with management, management representation, and management responsibilities, risk assessment, as well as other topics. Plans that are affected include 401(k), 403(b), defined benefit, and health and welfare plans.

After the effective date, audits previously referred to as “limited scope” audits will now be referred to as “ERISA section 103(a)(3)(C) audits.” The SAS includes new performance and reporting requirements for these audits, and they will no longer be considered to have a scope limitation. Additionally, the Opinion Section of the report will be split into two parts. The first addresses the amounts and disclosures not covered by certification and will confirm that the plan financial statements have been prepared in accordance with the applicable financial reporting framework. The second paragraph will state whether investment information related to the certification agrees with information provided by a qualified institution.

The SAS requires that management provide the auditor with a draft of the Form 5500 so that the auditor may review it for items that may be materially inconsistent with the audited ERISA plan financial statements. If there are findings, the auditor’s will then be able to determine whether the Form 5500 or the plan financial statements need to be corrected.

Communications with management should include:

  • Reportable findings made in a timely manner to both management and those charged with governance
  • Any prohibited transactions that have not been properly reported in the supplemental schedule required by ERISA
  • The auditor’s responsibility in regard to the Form 5500, any procedures performed, and the results of those procedures

Additionally, the auditor must obtain certain written management representations regarding management’s responsibilities for administering the plan and these must be attained at the conclusion of the engagement. Management must provide the auditor with the most current plan document for the audit period, along with any plan amendments.

New engagement acceptance requirements state that the auditor will request plan management to acknowledge with the engagement letter all management responsibilities, including the following:

  • Maintaining a current plan file including the plan document and any amendments
  • Administering the plan and determining that the transactions presented and disclosed in the plan financial statements are in conformity with plan provisions, including sufficient records for plan participants
  • Providing a completed draft of the Form 5500 to the auditors prior to dating the auditor’s report
  • When choosing to elect an ERISA section 103(a)(3)(C) audit, determining whether it is permissible under the circumstances

The standard is effective for financial statement audits for periods ending on or after December 15, 2020, with early adoption not permitted.

By Elyse McMillen, CPA