Changes to Employee Benefit Plan audits under SAS 136 and how they will affect plan sponsors

In the summer of 2019, the Auditing Standards Board issued Statement on Auditing Standards (“SAS”) 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA. This SAS is effective for audits of ERISA plan financial statements for periods ending on or after Dec. 15, 2021. SAS 136 primarily includes changes in engagement acceptance, risk assessment and response, auditor communications, and an overhaul to the reporting, including the reporting for limited scope audits (now referred to as an ERISA 103(a)(3)(C) audit).

Engagement acceptance

The SAS requires additional acknowledgement from management related to its understanding of the engagement. Additional provisions in the audit engagement letter under this SAS will detail management’s responsibility to maintain a current plan instrument, administer the plan, and maintain records in accordance with plan provisions. 

Additionally, when management elects to engage the auditor to perform an ERISA Section 103(a)(3)(C) audit (formerly limited scope), management is required to determine that the audit is permissible under the circumstances. This includes determining whether the certifying institution is qualified, the certification meets the applicable requirements, and that the certified information is properly presented in the financial statements. These acknowledgements and determinations will be detailed in the engagement letter. 

Auditor communications

Under the new SAS, auditors will be required to communicate reportable findings from the audit procedures performed relating to consideration of relevant plan provisions tested during the audit in writing to those charged with governance. These communicated findings will contain an explanation of the potential effects of the reportable findings on the plan financial statements.

ERISA Section 103(a)(3)(C) audit (formerly limited scope)

The Department of Labor’s provision allowing auditors to reduce procedures related to investments and related income certified by a qualifying institution is still in effect. The auditor will still be required to perform certain procedures on information certified by a qualifying institution and has additional reporting requirements in the auditor’s opinion. There will no longer be a scope limitation in the opinion related to certified investments. Instead, the opinion will detail the limitations on procedures performed on the certified investments and will express an opinion on the amounts and disclosures included in the financial statements, other than those agreed to or derived from the certified investment information.

Other significant changes under SAS 136

Some other significant changes under SAS 136 include the following:

• Additional changes to the form and content of the auditor’s opinion that provide:
  • More detailed descriptions of the responsibilities of the plan sponsor and the auditor
  • More information about the audit procedures performed on financial statement information, both certified and not certified
• The auditor is required to perform risk assessment procedures related to the plan instrument, plan tax status, prohibited transactions, and respond to identified risks
• The Form 5500 must be substantially completed before the date that the financial statements are available to be issued
• Additional representations will be required from management