SAS 136: Changes for employee benefit plans and their auditors

Sep 28, 2021
Financial reporting AICPA matters Audit Employee benefit plans

Statement on Auditing Standards (SAS) 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISAwill be effective for audits of periods ending on or after December 15, 2021. For employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA), SAS 136 changed the requirements for the following, among other audit-related matters:

  • Scope limitations. Plan management may make an election under ERISA Section 103(a)(3)(C) to exclude from the audit certain investment information a qualified institution holds and certifies. This election will no longer be considered a scope limitation for the auditor. Under SAS 136, when plan management makes such an election, this former “limited-scope audit” now will be referred to as an “ERISA section 103(a)(3)(C) audit.”
  • Engagement acceptance. As a precondition of engagement acceptance, the auditor will need to obtain plan management’s acknowledgment that it understands its responsibility for:
    • Maintaining a current plan instrument, including all plan amendments;
    • Determining whether an ERISA Section 103(a)(3)(C) audit is permissible, if elected, and that the investment information is (a) prepared and certified by a qualified institution and (b) appropriately measured, presented and disclosed; and
    • Providing a substantially complete draft Form 5500 prior to the dating of the auditor’s report.
  • Audit risk assessment and response, including the auditor’s consideration and testing of relevant plan provisions.
  • Procedures for an ERISA Section 103(a)(3)(C) audit. Under SAS 136, the auditor will need to:
    • Evaluate management’s assessment of whether the entity issuing the certification is a qualified institution under U.S. Department of Labor rules and regulations;
    • Identify which investment information is certified; and
    • Perform certain procedures on the certified investment information.
  • Written communications of reportable findings with those charged with governance.
  • Auditor reporting. SAS 136 revises the auditor’s report to provide more transparency regarding the scope and responsibilities of management and the auditor. It also requires additional language regarding the ERISA-required supplemental schedules. Further, if plan management makes the election under ERISA Section 103(a)(3)(C), the auditor’s report for an ERISA section 103(a)(3)(C) audit will include a two-part opinion addressing (a) the amounts and disclosures not covered by the certification and (b) the information covered by the certification.