Employee benefit plan audit quality is a top concern for both the Department of Labor (DOL) and the American Institute of CPAs (AICPA). Based on the DOL's 2014 audit quality study, it appears that the quality of employee benefit plan audits has not improved since the DOL's previous studies. The 2014 study reported an overall deficiency rate of 39 percent. Regulators, the AICPA and the accounting industry are all looking for solutions. In July 2016, the DOL released proposed changes to the annual information reporting form, the Form 5500. In April 2017, the AICPA’s Auditing Standards Board (ASB) released an exposure draft of changes to the auditing standards for plans covered under the Employment Retirement Income Security Act of 1974 (ERISA).
These proposed revisions to auditor's reports on ERISA plan financial statements are designed to enhance audit quality and provide better insight into the responsibilities of plan management and the auditor. The AICPA's comment period on the proposal ended Aug. 21, 2017. If implemented, its proposed effective date would be for periods ending on or after Dec. 15, 2018. Based on what we know about the comment letters the AICPA has received, it indicates that improving employee benefit plan auditing standards to address deficiency rates may be easier said than done.
Proposed Changes to Employee Benefit Plan Audit Standards
The proposal would make several significant amendments to existing standards, and if implemented would be applied in place of AU-C section 700 for audits of ERISA plan financial statements. This means that it would contain many of the same requirements already outlined in current standards, in addition to the following more significant items:
- New performance requirements that would require the auditor to test certain plan provisions in all audits of ERISA plans and report its findings in its auditor's report. Noncompliance findings in these areas would be reported, and while plan management would be given an opportunity to respond within the report, they may be unable to resolve the issues before the report is issued. Because the auditor's report is attached to the Form 5500, plan participants and regulators would have access to it.
- New form of the auditor's report for audits in which management imposes the ERISA-permitted audit scope limitation. The report would state that management is responsible for determining whether the scope limitation is permissible based on its evaluation of whether the certified investment information is complete and accurate, among other things. This would also change the auditor's report when this scope limitation is used from a disclaimer to a qualified opinion.
- Additional written management representations would be required.
Reactions to the Standard
The AICPA received 108 letters of comment on the exposure draft, and it has indicated it will take a considerable amount of time to analyze all the responses. Many of the comment letters indicated the proposed changes to the employee benefit plan auditing standard would require significantly more work by auditors.
Several accounting groups weighed in on the provisions. The National Association of State Boards of Accountancy (NASBA) recommended that the final guidance retain the separate reporting of material weaknesses and deficiencies in internal controls. It also took issue with some of the compliance reporting requirements, including participant vesting provisions. The NASBA agreed that more information about participant vesting was needed and recommended that employee benefit plans consider using a separate Schedule of Findings and Questioned costs to report vesting findings. It suggested that the ASB also perform a cost-benefit analysis on the burden of implementing the changes to audits of smaller plans.
Several non-accountancy groups weighed in as well. The Walt Disney Company expressed concern about the cost of the changes, saying that plan sponsors would likely incur larger costs to pay for the enhanced audit procedures which could get passed down to the plan participants. Cost concerns also appeared in a comment letter from The Aerospace Industries Association and the American Benefits Council and the Committee on Investment of Employee Benefit Plan Assets, Inc. (American Benefits) comment letter, which expressed that audit quality concerns could be addressed through increased audit firm training. The American Benefits letter also recommended that auditors not be required to report operational errors in their plan reports unless they were material to the plan’s financial statements. Some of the changes the exposure draft made to AU-C 725 could potentially lead to investors and other interested parties finding out about audit deficiencies before the plan had time to voluntarily correct them through the IRS's Employee Plans Compliance Resolution System (EPCRS).
The American Council of Life Insurers suggested that the ASB retain the ERISA-permitted audit scope limitation because banks and insurance companies are heavily regulated. It argues that a full scope audit on a plan with assets primarily held by banks or insurance carriers would be redundant and costly.
What Comes Next for Employee Benefit Plan Audits?
Highlights of the October 2017 meeting of the AICPA's ASB contained feedback on certain of the exposure draft's "issues for consideration" as follows:
Issues for Consideration
Feedback to the ASB's EBP Reporting Task Force
Required procedures when an ERISA-permitted audit scope limitation is imposed.
Supports redeliberating the procedures relating to the certified information relative to the type of opinion required to be issued.
The form and content of the auditor's report on ERISA plan financial statements with the ERISA-permitted audit scope limitation
Continue to explore a new form of auditor's report when there is an ERISA-permitted audit scope limitation and explore ways to align the report to the existing audit standards.
Certain requirements for audits of ERISA plan financial statements and related required report on specific plan provisions
Consider revising the testing of certain plan provisions relating to the financial statements taking into account the auditor's risk assessment and type of plan being audited.
Findings from such testing should not be required to be communicated in the auditor's report but could be communicated to those charged with plan governance including those that relate to internal control over financial reporting.
Pushback from both plan sponsors and audit firms makes it likely that the proposed effective date of these auditing standards for 2018 calendar year filings will be delayed. We will continue to monitor the AICPA's deliberations on the exposure draft and keep you updated as more details emerge on the AICPA’s next steps.
For comments, questions or concerns about the proposed changes, please contact Hal Hunt of MHM's Professional Standards Group. Hal can be reached at firstname.lastname@example.org or 816.945.5610.
Published on December 05, 2017