As previously communicated, Statement on Auditing Standards (SAS) 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, will bring significant changes for employee benefit plans and their auditors effective for audits of periods ending on or after December 15, 2021.
For employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA), SAS 136 changes the look of the auditor’s report. The form and content of the auditor’s report will depend upon the type of audit.
There are generally two types of ERISA plan audits—(a) an ERISA plan audit performed pursuant to Section 103(a)(3)(C) and (b) an ERISA plan audit other than an ERISA Section 103(a)(3)(C) audit (which may be referred to as a non-section 103(a)(3)(C) audit). Under ERISA Section 103(a)(3)(C), the audit need not extend to information prepared and certified by a bank or similar institution or by an insurance carrier that is regulated, supervised and subject to periodic examination by a state or federal agency. The conditions for this election are outlined under 29 CFR 2520.103-5 and 8. In addition, there is a similar election that applies to plan assets invested in “103-12 entities,” which is found under the ERISA regulations at 29 CFR 2520.103-12.
If plan management cannot or does not make the election for the audit to be performed under ERISA Section 103(a)(3)(C), the form and content of the auditor’s report (formerly referred to as a “full-scope” auditor’s report) will be similar to that issued for most organizations. The reporting requirements of SAS 136 generally align with the requirements of recently effective SAS 134, Auditor Reporting and Amendments, Including Amendments Addressing Disclosures in Financial Statements, which, among other enhancements, expanded the descriptions of the responsibilities of management and the auditor in the auditor’s report. However, instead of the SAS 134 requirements, the specific auditor reporting form and content requirements of SAS 136 will apply, and those requirements include some differences, such as expanded descriptions of the responsibilities of management and the auditor. For example, the description of management responsibilities will encompass maintaining the current plan instrument, including all plan amendments; administering the plan; and determining that the plan’s transactions presented and disclosed in the financial statements are in conformity with the plan’s provisions, including maintaining sufficient records with respect to each of the participants to determine the benefit due or which may become due to such participants.
If the plan is eligible for and plan management makes the election for the audit to be performed under ERISA Section 103(a)(3)(C), this no longer will result in a scope limitation in the auditor’s report. As a result, the auditor’s report for an ERISA section 103(a)(3)(C) audit will include a two-part opinion addressing (a) whether the amounts and disclosures in the ERISA plan financial statements that are not covered by the certification are presented fairly in accordance with the applicable financial reporting framework, and (b) whether the investment information in the ERISA plan financial statements related to the certified investment information agrees to or is derived from the certified investment information provided by a qualified institution.
Unique to this type of audit will be a section describing the scope and nature of an ERISA Section 103(a)(3)(C) audit, including a statement that management has elected this type of audit after having determined it is permissible in the circumstances, and has obtained an appropriate certification from a qualified institution. The auditor’s report also will include expanded descriptions of the responsibilities of management and the auditor, as well as additional descriptions of responsibilities regarding the certification and qualifications of the certifying entity. Management’s election does not affect their responsibility for the fair presentation of the ERISA plan financial statements. The report will state that the audit did not extend to the certified investment information, except for obtaining and reading the certification, comparing the certified investment information with the related information presented and disclosed in the financial statements, and reading the disclosures relating to the certified investment information to assess whether they are in accordance with the presentation and disclosure requirements of the applicable financial reporting framework.
In either type of audit, and depending on the results of the audit, the auditor may express an unmodified, qualified or adverse opinion or a disclaimer of opinion.
The auditor’s report cannot be dated any earlier than the date on which sufficient appropriate audit evidence on which to base the opinion has been obtained, including evidence that (a) all the statements and disclosures that comprise the ERISA plan financial statements have been prepared, (b) management has asserted that it has taken responsibility for those ERISA plan financial statements, and (c) the procedures relating to the draft Form 5500 have been performed, as required under SAS 136.
Regardless of whether plan management makes the election under ERISA Section 103(a)(3)(C), the auditor’s report also will include additional language in a separate paragraph regarding the ERISA-required supplemental schedules. This paragraph will clarify that the supplemental schedules are required by the U.S. Department of Labor (DOL) and that the auditor evaluated whether they are presented in conformity with the DOL’s Rules and Regulations for Reporting and Disclosure under ERISA.
Appendix A of the 2021 American Institute of Certified Public Accountants Audit & Accounting Guide, Employee Benefit Plans, includes a helpful comparison of the elements of the auditor’s report for the two types of ERISA plan audits.