Employee benefit plan sponsors and their auditing firms need to begin preparing for the adoption of Statement on Auditing Standards No. 136 (SAS 136), Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (Employee Retirement Income Security Act of 1974). This auditing standard was enacted by the American Institute of Certified Public Accountants (AICPA) and was effective for years ending after December 15, 2020. While the AICPA delayed the effective date by one year due to the COVID-19 pandemic, auditing firms may choose to adopt the standard on the original effective date. Plan sponsors will need to take the time to understand SAS 136 and its effect on the audit process.
Goals of SAS 136
In 2015, the Department of Labor’s Employee Benefits Security Administration (EBSA) examined the quality of audit work done on employee benefit plans by independent qualified public accountants. SAS 136 is the AICPA’s effort to address some of the issues found in the EBSA examinations.
The goal of SAS 136 is to enhance the quality of audits of ERISA plans by prescribing certain procedures that are required to be performed in the audit. The auditing standard also looks to add transparency to the nature and scope of ERISA benefit plan audits as presented in the auditor’s report.
Changes to Audit Reports, Engagement Letters, and Other Communications
SAS 136 clarifies the responsibilities of plan management and auditors. Certain of these responsibilities are now included in the auditor’s report, engagement letters, and required communications.
The auditor’s responsibilities are now disclosed in the auditor’s report which includes professional judgments, professional skepticism, and the auditor’s communication with those charged with governance. Management’s responsibility to maintain a planning instrument, administer the plan, maintain sufficient records for plan transactions and benefits, and their responsibility for the financial statements are not stated in the auditor’s report however will be stated in the engagement letter with their plan auditor. Management’s responsibility for the assessment of growing concern and the auditor’s responsibility for management’s assessment is also included in the auditor’s report, when applicable.
The overriding goal of these changes is to clarify each party’s role and responsibility throughout the audit process and formalize certain procedures that in the past were sometimes left to the auditor’s judgment.
Under the new standard, plan sponsors can expect to see a more thorough audit report. SAS 136 changes how auditors report their findings to those charged with governance. In addition to communicating deficiencies in internal control, auditors will now also have to communicate reportable findings in writing to those charged with governance.
Changes to Audit Procedures and Documentation
SAS 136 implements changes that affect multiple aspects of an ERISA plan audit, including engagement acceptance, risk assessment and response, communication with those charged with governance, and performance procedures and reporting.
Some of the most notable changes include:
Change in Limited Scope Audits
Before SAS 136, plan sponsors could elect to have a limited scope audit performed, which excludes certain audit procedures over investments and investment income that are certified by a qualified institution as complete and accurate. SAS 136 eliminates the limited scope moniker and replaces it with an ERISA Section 103(a)(3)(C) audit, which includes heightened reporting requirements.
Gear Up for Early Adoption
Even though SAS 136’s effective date is for periods ending on or after December 15, 2021, some accounting firms have chosen to adopt the new standard this year. The earlier plan sponsors start discussing the upcoming changes with their audit team, the better prepared they will be to understand and fulfill responsibilities during the plan audit.
Download a free resource from AICPA.
New audit standard for employee benefit plans: An overview for plan management