10 FAQs about the AICPA’s new employee benefit plan auditing standards
Employee benefits audits requirements you need to know about.
Some people absolutely fear change. Others, though, may view change as an opportunity to improve. In the accounting profession, change is happening quickly with the rise of new technologies such as blockchain and advanced data analytics, as well as the steady cadence of new accounting and auditing standards.
In the first half of 2019, a Statement on Auditing Standards as it applies to Employee Benefits Plan audits is about to be finalized — as I write this, the Financial Accounting Standards Board (FASB) is meeting to finalize the form and content of the report.
Here, we outline a few items we think you should know:
1. What is the scope of the Statement on Auditing Standard (SAS), Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (ERISA SAS)?
First, the ERISA SAS requires the auditor to perform certain procedures to be able to form an opinion on the financial statements of an employee benefit plan subject to the Employee Retirement Income Security Act of 1974 (ERISA).
The SAS updates the auditor’s report for ERISA audits, and applies to audits of all ERISA plans, including single employer, multiple employer and multiemployer.
The new ERISA SAS does not apply to non-ERISA plans.
2. Will there be any more changes to the ERISA SAS?
Yes. The FASB will be meeting from Jan. 14-17, 2019 to discuss proposed amendments to the ERISA SAS designed to conform the standards with the new auditor reporting standards, which will be voted final during the same meeting.
These changes are expected to be released over the first half of 2019.
3. When should plan sponsors expect to see a change in their audits based on the ERISA SAS?
All audits of ERISA plan financial statements for periods ending on or after Dec. 15, 2020 will change. Plan sponsors are not allowed to adopt early.
4. Will plan sponsors still be able to request that a limited scope audit be performed?
No. Plan sponsors will now request an ERISA Section 103(a)(3)(C) audit.
An ERISA Section 103(a)(3)(C) audit, unique to employee benefit plans, is not considered a scope limitation.
There are additional requirements for an ERISA Section 103(a)(3)(C) audit, which are detailed throughout the FAQs.
5. Will the definition of a qualified institution under an ERISA Section 103(a)(3)(C) audit change?
No. A qualified institution is defined as a bank or similar institution that holds plan assets, or an insurance carrier which provides benefits under the plan or holds plan assets.
Such institutions are regulated, supervised and subject to periodic examination by a state or federal agency that prepares and certifies the investment information.
6. Which parts of the audit are impacted by this ERISA SAS?
There are new requirements/clarifications for each of the audit phases:
- Engagement acceptance
- Audit risk assessment and response
- Communication with those charged with governance
- Procedures for an ERISA Section 103(a)(3)(C) audit
- Written representations
7. What are the requirements for engagement acceptance under the ERISA SAS?
In addition to other existing audit engagement acceptance procedures, the EBP SAS requires auditors to obtain confirmation from plan management that their responsibility for maintaining a current plan document, as well as administering the plan based on that document, is understood.
This includes maintaining sufficient records regarding each plan participant. Auditors are also required to receive the Form 5500 before dating the auditor’s report.
If an ERISA Section 103(a)(3)(C) audit is elected, plan management will need to determine:
- If the audit is permissible
- If the investment information is properly certified by a qualified institution
- If the certification meets the proper requirements
- If the certified investment information is properly reported in the financial statements.
Based on the requirements above, Plan Sponsors’ engagement letters will need to include additional language to cover the responsibilities, and auditors will begin asking plan management more specific questions on their ERISA Section 103(a)(3)(C) audit determinations.
At the culmination of the audit, auditors will also need to request that plan management sign certain written management representations regarding the items above.
8. What are the requirements specific to Employee Benefit Plan audits for risk assessment under the ERISA SAS?
As plan sponsors are aware, the plan document is an integral part of plan maintenance.
The ERISA SAS requires the auditor to obtain and read the most current plan document for the current period under audit, including effective amendments.
The auditor should consider the plan document when designing and performing audit procedures, as well as the different transactions that could pose a risk of material misstatement.
The plan sponsor will, as a result, experience more in-depth questions and more detailed audit procedures as it relates to the plan document.
9. Why is the Form 5500 required to be reviewed by the auditor before the dating of the auditor’s report?
If there are material inconsistencies with the audited ERISA plan financial statements and the Form 5500, the auditor is required to determine whether the audited financial statements or the draft Form 5500 needs to be revised.
If the revisions are not made, the auditor needs to determine if the opinion in the auditor’s report should be modified.
The ERISA SAS outlines procedures for handling material inconsistencies found during different times during the audit.
10. What communications are required between plan management and those charged with governance by the ERISA SAS?
If the auditor finds any transactions that are not in accordance with the plan document, the auditor should determine if these transactions are considered reportable findings and report them to plan management in a timely manner.
Reportable findings may consist of noncompliance with laws or regulations, operational issues or failures which impact the financial reporting process or a deficiency in internal controls.
The auditor is not permitted to affirm that there are no reportable findings in any written communications.
Beth Garner is the Assurance Partner, National Practice Leader, Employee Benefit Plan Audits, BDO.