Prepare for increased responsibility and more thorough audit procedures and reports

After a one-year COVID-related delay, the American Institute of Certified Public Accountants’ (AICPA) Statement on Auditing Standards No. 136 (SAS 136) will be going into effect for audits of Employee Retirement Income Security Act (ERISA) plans with plan years ending on or after December 15, 2021. This new auditing standard was enacted with the aim of clarifying the roles and responsibilities of plan auditors and plan management in an effort to enhance the quality of the audit and transparency of its nature and scope as presented in the audit report. As a result, plan sponsors can expect to see heightened reporting requirements and should take the time to understand SAS 136 and its effect on the audit process . 

What you should know

Limited scope audits now called ERISA section 103(a)(3)(C) audits 

In addition to a name change, plan sponsors’ responsibilities are increased to include:

  • Providing written acknowledgement that all the conditions are met and that an ERISA section 103(a)(3)(C) audit is permissible
  • Assessing whether the entity issuing the investment certification is a qualified institution
  • Providing the auditor a substantially complete Form 5500 draft before issuance of the auditor’s report
  • Determining whether the investment certification meets the ERISA requirement
  • Determining if the certified investment information is appropriately measured, presented, and disclosed

Engagement letter

Changes to the audit engagement letter will make clear the plan sponsor’s responsibility to:

  • Maintain a plan instrument, including all plan amendments
  • Administer the plan and maintain sufficient records for plan transactions
  • Maintain accurate financial statements

Reportable findings

SAS 136 requires auditors to provide certain reportable findings in writing to plan management and those charged with governance, including:

  1. Instances of noncompliance or suspected noncompliance with laws or regulations
  2. Findings that, in the auditor's professional judgment, are significant and relevant to those charged with governance, regarding their responsibility to oversee the financial reporting process
  3. Indications of deficiencies in internal controls identified during the audit that have not been communicated to management by other parties and are of sufficient importance to merit management's attention. 

Audit firms can elect early adoption of SAS 136 as of the original effective date of plan years ending on or after December 15, 2020.

Early preparation is critical as 2021 year-end audits being performed in 2022 will be required to follow SAS 136 performance and reporting requirements. Plan sponsors should work with their plan auditor to understand what actions can be taken to fulfill increased responsibilities in advance of their next plan audit, including any necessary planning and coordination with their Form 5500 preparer and the auditor.