May 18, 2022
by Jennifer McCahill, CPA, Partner
The implementation of SAS 136 is finally here. After being delayed an additional year during the pandemic, this new standard represents the first significant change to employee benefit plan audits in the past several years. For organizations subject to an audit of their retirement plan, below are several changes that management is required to adopt for the 2021 plan year audit.
- The engagement acceptance process will require more understanding and attestation information from management.
- The auditor will perform amended risk assessment procedures related to the retirement plan instrument, tax status, and prohibited transactions.
- Written communications of additional matters (reportable findings) to those charged with plan governance are required.
- The auditor will perform certain additional audit procedures unique to ERISA plans.
- The auditor will issue a new form of the “Independent Auditor’s Report”.
- The auditor will be required to obtain a substantially complete draft Form 5500 prior to the issuance of the audit report.
Plan Management Impacts
While most items will impact your audit team, there are also several provisions that the AICPA provides as “key changes that plan management should know”.
- Before the auditor can accept the audit, management will have to attest (in writing) its understanding of responsibilities for the following:
- Maintaining a current plan instrument (plan document, adoption agreement, etc.) including all amendments,
- Administering the plan, including ensuring transactions comply with plan provisions and maintaining records to support those transactions, and
- When Management elects an ERISA 103(a)(3)(c), management must document:
- An ERISA Section 103(a)(3)(c) is permissible,
- Investment information is prepared and certified by a qualified institution as described in the guidance,
- Certification meets the requirements under the guidance, and
- Certified investment information is appropriately measured, presented, and disclosed in accordance with the financial reporting framework.
- Management provides information on how the ERISA 103(a)(3)(c) evaluation was made.
- Management provides a substantially complete draft of the 5500 to the auditor before the dating of the audit report.
For more information about the new audit standard, review the AICPA’s Employee Benefit Plan Audit Quality Center’s Plan Advisory.
GRF’s Employee Benefit Plan Audit team provides resources and industry expertise to help clients prepare for their next audit and assist their management in navigating the new requirements. Contact us to request specialized checklist tools that provide the necessary steps to comply with the new standard requirements.