What to Know About SAS 136: A New Audit Standard for ERISA

The AICPA, with observation from the Department of Labor (DOL), issued a new audit standard for employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA). ERISA is a federal law that sets minimum standards for most voluntarily established retirement and health plans for private industry to provide protection for individuals in these plans.

AICPA Statement on Auditing Standards No.136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (SAS 136) is effective for periods on or after Dec. 15, 2021. SAS 136 describes key changes that directly affect plan management and prescribes certain new performance requirements for ERISA plan financial statement audits. It changes the form and content of the related auditor’s report to improve audit quality and communicate transparency of the auditor’s report. SAS 136 includes new requirements for engagement acceptance, management responsibilities, management representations, and communications with those charged with governance. Previous “limited scope audits” will now be referred to as ERISA Section 103(a)(3)(C) audits with additional performance and reporting requirements. This is no longer a “disclaimer opinion” but rather an “unmodified opinion”.

The following provides a recap about what the new standard will mean for plan management and the ERISA Section 103(a)(3)(C) audit process.

Key Changes That Directly Affect Plan Management

ERISA Section 103(a)(3)(C) allows plan administrators to elect to instruct the auditor not to perform any additional procedures on the investment information prepared and certified by a qualified institution.

Qualified institutions are a bank, trust company or similar institution or insurance company that hold the plan’s investments and are regulated. These qualified institutions are also subject to periodic examination by a state or federal agency. Brokerage firms are not considered qualifying institutions because they are not regulated, supervised and subject to periodic examination. Some brokerage firms and investment companies may have established trust companies that may enable them to be a qualified institution.

Proper Certification Example: The XYZ Bank (Insurance Carrier) hereby certifies that the foregoing statement furnished pursuant to 29 CFR 2520.103-5 is complete and accurate.

Plan Management’s Responsibilities

Plan management has defined responsibilities under SAS 136 of which your organization should be aware. These responsibilities include:

Determine that ERISA Section 103(a)(3)(C) audit election is met.

Determine that the investment information is prepared and certified by a qualified institution and that the certification is pursuant to 29 CFR 2520.103-5.

Certified Investment Information

Determine certified investment information included in the financial statements is valued as of the plan’s year end and the method for determining investment value is in accordance with the applicable reporting framework.

Conditions for plan management to elect an ERISA Section 103(a)(3)(C) audit.

Request that your auditor provide you with the AICPA tool “Conditions for plan management to elect an ERISA Section 103(a)(3)(C) audit.” This will go through the steps management must perform to meet the requirements of SAS 136. The auditor must then evaluate management’s assessment.

Other Responsibilities

  • Maintain a current plan instrument, including amendments (signed and dated)
  • Administer the plan and determine that plan’s transactions are presented in conformity with the plan’s provisions
  • Maintain appropriate records for the participants
  • Agree to and provide a draft of the Form 5500 substantially complete prior to the date of the auditor’s report
  • Comply with all laws and regulations, including Internal Revenue Code compliance tests.

Required Written Representations from Management

There are also written representations to prepare for, including:

  • Management has provided the auditor with the most current plan instrument, including all plan amendments
  • Acknowledges responsibility to administer the plan, maintain sufficient records for the participants, including benefits due, and determine that plan transactions are properly presented and disclosed in plan financial statements.
  • Management elected an ERISA Section 103(a)(3)(C) audit and acknowledges it is permissible, the investment information is prepared and certified by a qualified institution, meets the requirements of CFR 2520.103-5 and the certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.

For More Information

For more information about how the SAS 136 affects your organization, contact a member of our employee benefit plan audit team.

Published on March 29, 2022