No one wants to be caught flat-footed when the auditors come calling. And with a new standard issued by the American Institute of Certified Public Accountants (AICPA), both the auditors and plan sponsors will be subject to new responsibilities.
The AICPA’s Statement on Auditing Standards (SAS) No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, raises the bar on benefit plan audits. Issued in 2019, the standard was originally scheduled to go into effect in 2020 but was delayed due to the pandemic. It is now effective for audits of ERISA plan financial statements for periods ending on or after Dec. 15, 2021.
SAS 136 impacts all ERISA plan audit phases and makes significant changes to the content of audit reports in an effort to promote greater transparency. But in addition to the impact on accounting professionals who conduct the audit, the new standard introduces new requirements for plan sponsors. For example, when receiving a “limited scope audit” — a term the new standard replaces with “ERISA Section 103(a)(3)(C) audit” — auditors will no longer issue a disclaimer of opinion and will instead provide an audit report. But before the auditor can accept the audit, the plan sponsor must indicate in writing that he or she permits the engagement and that it will meet ERISA requirements.
Plan sponsors are also now required to acknowledge responsibility for administering the plan in the audit engagement letter. What’s more, at the end of the audit, they need to acknowledge additional responsibilities such as maintaining a copy of the plan document, ensuring transactions conform to the plan’s provisions, and maintaining sufficient participant records to determine benefits due to them.
Further changes in the standard come from new provisions regarding completion of Form 5500. Before the audit engagement, plan sponsors will need to provide the auditor with a substantially completed copy of the form, as well as its schedules. The auditor will then compare the form against the financial statements to determine if there are any material discrepancies and indicate whether either the form or the statements require any corrections.
Compliance with SAS 136 will result in a much more thorough audit, and a more revealing report on the organization’s compliance with ERISA requirements. With that in mind, plan sponsors should note the potential for additional exposure to legal risk. According to ERISA expert Timothy Verrall in a recent PlanSponsor.com article, the audit report, which may disclose noncompliance issues, is attached to Form 5500 and then becomes publicly available.
“Anyone can look at it,” Verrall says in the article. “One way lawsuits get started is people doing searches on Form 5500 data filings. This could potentially provide a new source of ammunition to plaintiffs’ lawyers.”
“That said, from a pragmatic perspective most issues reported in annual auditors reports are of a limited, and even individual, nature,” says Joel Shapiro, SVP ERISA of NFP “and they are often immediately remedied, thereby leaving little real ‘meat on the bone” for class action plaintiffs attorneys as the result.”
With so much change being introduced, sponsors will want to ensure they’re adequately prepared to meet the new requirements and thoroughly understand their responsibilities. That way, when the auditors come knocking, you won’t be caught unawares. To see the full AICPA revision, download SAS 136 from the institute’s website (PDF).