www.bmf.cpa
The Changing Face of the Employee Benefit Plan Limited Scope Audit
As we noted last month, the Employee Retirement Income Security Act of 1974 (ERISA) requires that employee benefit plans with 100 or more eligible participants are required to have their financial statements audited annually, which should be attached to the annual Form 5500 filing. The rules are changing for Limited Scope Audits and we wanted to take this opportunity to explain what is changing, why, and what this means for your annual plan audit.
Background
For nearly 50 years, plan administrators have had the option to direct the auditor to not perform any audit work relating to investments, investment transactions or investment income if the investments are certified by a qualified party (bank, insurance company or regulated trust company). As a result of this Limited Scope Audit, the auditor provides a “disclaimer of opinion” to indicate that due to the significance of the information they did not audit on the financial statements, they are unable to express an opinion on the financial statements.
What is Changing and When?
The Auditing Standards Board of the American Institute of Certified Public Accountants (“AICPA”) issued a Statement on Auditing Standards No. 136 – Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (SAS 136), which is effective for periods ending on or after December 15, 2021 (although earlier implementation is permitted).
According to this new standard, the concept of a limited scope audit will be discontinued and will be replaced by an “ERISA Section 103(a)(3)(C) audit.” As part of this new standard, the auditor ultimately will be expressing an opinion on the plan financial statements, even though the auditor will still be permitted to exclude the investments from the audit if the information is appropriately certified.
We have summarized the key new requirements under this standard.
- Auditors will not be able to accept an audit engagement unless plan management acknowledges upfront their responsibility to maintain a current plan document, administer the plan and provide the auditor with a substantially complete draft of Form 5500 before the completion of the audit.
- Management will need to provide written acknowledgment regarding their responsibilities for:
- determining whether their plan qualifies to have an ERISA Section 103(a)(3)(C) audit,
- whether the investment information is prepared and certified by a qualified institution,
- whether the certification meets DOL requirements,
- and that the certified investment information is properly measured, presented and disclosed in the financial statements.
- The auditor will, in their risk assessment process in planning the audit, need to consider the necessity to test specific plan provisions.
- The new audit report will contain a two-pronged opinion that is based on the audit and the procedures relating to the certified investment information.
- NOTE 1: We have drafted sample audit reports based on the full scope or the ERISA 501(a)(3)(C) option.
- NOTE 2: This new standard is coming into play concurrently with another new standard issued by AICPA, which will change the ordering and content of virtually all audit reports next year. We will have additional information coming out in the coming weeks as we continue to learn more.
- The auditor will need to provide a written report to management and those charged with governance of the plan, regarding any:
- “reportable findings” during the audit, including prohibited transactions, instances of non-compliance or suspected non-compliance with laws or regulations,
- issues considered significant to those charged with governance regarding their responsibility to oversee the financial reporting process,
- or indications of significant deficiencies in internal control.
- Auditors are not permitted to issue a written communication that no reportable findings were identified during the audit.
Why the Change?
Over many years, the U.S. Department of Labor (“DOL”) has conducted audit quality studies and has been overtly critical of the audit profession. They have found that, particularly with firms with smaller audit practices, the audits of plans have a significant rate of non-compliance with the audit standards. SAS 136 was authored to bolster audit quality and address certain issues that were found in the audit quality study.
One key issue discovered was the misunderstanding of the limited scope audit, which was specifically provided for in ERISA. The limited scope audit allows auditors to “disclaim” an opinion on the plan financial statements due to the significance of the investment information that they are not auditing. The audit quality study has shown firms conducting only a small number of plan audits annually have interpreted the disclaimed opinion to mean they do not need to perform sufficient audit work on other areas of the plan. This is not correct. While they are permitted to exclude investments, they are still required to perform audit procedures concerning all other elements of the financial statements, including but not limited to, contributions, benefit payments, participant data, plan expenses, etc.
The AICPA conducted an exhaustive study and feedback from the profession through a previous exposure draft that had been submitted. The conclusion was that a change to the standards to enhance the clarity was necessary, which ultimately will have all audit firms expressing an opinion on these financial statements.
What does this mean for your annual plan audit?
BMF is a proud long-time member of the AICPA’s Employee Benefit Plan Audit Quality Center and is one of the largest audit service providers for benefit plans in the state of Ohio. Outside changes to the audit report and certain additional required management representations, we do not expect this to significantly impact the audit process, because our teams have been proactive in considering these other elements of the financial statements throughout our audit processes. In some cases where the audit is completed in advance of the preparation of Form 5500, we may be required to delay finalizing and issuing an audit report until receipt of a substantially completed draft form 5500.
Plan sponsors can review the tools provided by the AICPA Employee Benefit Plan Audit Quality Center, designed to assist plan management in assessing whether the conditions for electing an ERISA Section 103(a)(3)(C) audit have been met.
If your employee benefit plan is required to have an audit, it is your duty to hire an auditor that is licensed or certified as a public accountant by a state regulatory authority. We are available to discuss our services with you at your convenience.