Employee benefits are important to your business, making it easier to attract and retain quality talent while ensuring that they have the support they need during difficult times, such as illness or a family crisis, and to help them get ready for retirement.
Retirement plans come in many forms—401(k), 403(b), defined benefit, health and welfare, employee stock ownership plans—but for simplicity purposes, we like to simply call them employee benefit plans, or EBPs.
To ensure your EBP is running smoothly and in accordance with laws and regulations, the Employee Retirement Income Security Act of 1974 (“ERISA”) requires an annual audit for those EBPs with more than 100 participants in the plan. If you are one of the lucky ones that gets to partake in an EBP audit each year, there are some changes coming this year about which you need to be aware!
The American Institute of Certified Public Accountants (“AICPA”) issued Statement on Auditing Standards (“SAS”), No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to the Employee Retirement Income Security Act of 1974 (ERISA), which is effective for plan years ending on or after December 15, 2021.
While most of these changes impact your plan auditor (that’s us!), there are some important changes impacting plan sponsors as well (that’s you!). Let’s dive right in!
Remember that whole “limited scope” scenario? Where investments were certified by the plan’s custodian or third-party administrator, and the auditor’s engagement scope was therefore limited, resulting in us disclaiming an opinion on the plan’s financial statements? That scope limitation and disclaimer is out the window! Enter: The ERISA Section 103(a)(3)(C) audit. Rolls right off the tongue, doesn’t it?
With the ERISA Section 103(a)(3)(C) audit, our engagement scope is no longer considered to be “limited” because of the information certified by the custodian or other qualified institution. We will now issue a two-pronged opinion. An unqualified opinion will look something like this:
As such, your audit report will look very different this year as compared to prior years.
What was that little tidbit in the auditor’s opinion up above? Certified by an institution that management determined meets the requirements of ERISA Section 103(a)(3)(C)? You read that right. In the past, the auditor would get the certification of investments and make sure all the requirements were met to perform a limited scope audit.
For an ERISA Section 103(a)(3)(C) audit, the onus of making sure the certification of investments is appropriate is now your responsibility. When management elects to have an ERISA Section 103(a)(3)(C) audit, it is now management’s responsibility to determine whether:
Sounds fun, right? Not to worry – we’re here to help! A qualified institution is a bank or similar institution or an insurance company that is regulated, supervised, and subject to periodic examination by a state or federal agency.
Broker dealers and investment companies are not qualified institutions; however, some of those institutions may have established separate trust companies that could meet the requirements to be a qualified institution. The certification meets the requirements if (a) it is from a qualified institution, (b) it certifies both the accuracy and completeness of the information, and (c) it is signed by an authorized representative of the qualified institution.
We as auditors are required to inquire with you about how your determination was made. Need help in assessing whether your plan qualifies for an ERISA Section 103(a)(3)(C) audit? The AICPA has created some great tools to assist management in this determination that we would be happy to share with you and walk through with you.
Some other management responsibilities outlined by this new auditing standard include management being responsible for:
Because your new responsibilities will be outlined in the audit engagement letter and added as representations to the management representation letter, both the engagement letter and management representation letter will also look much different than they did in the prior year.
Don’t worry—we’re not getting off easy! The new auditor reporting standard has lots of new requirements for auditors, as well. Along with assessing management’s determination of whether the audit qualifies for an ERISA Section 103(a)(3)(C) audit and making sure we obtain a substantially complete draft Form 5500 before issuing our auditor’s report, the auditor reporting standard also requires consideration of relevant plan provisions in audit risk assessment and response, various audit performance procedures, and increased auditor communications with those charged with governance.
Fortunately, these procedures are not “new” per se, but this is the first time they have been required by a regulatory standard. We have been busy to make sure our audits conform and that we continue providing you and your employees with a quality EBP audit.
The EBP audit season has already kicked off for the year, and we are hitting the ground running. As our plan sponsors start to prepare for their upcoming retirement plan audits, it is important to us that management understands their new responsibilities, evaluates current procedures, and implements any new procedures deemed necessary to comply with the new requirements when an ERISA Section 103(a)(3)(C) audit is applicable.
If you are already an audit client of ours, your audit team will be reaching out individually to make sure any questions you have about this new standard get addressed.
In the meantime, our resident Qualified 401(k) Administrator, Callie Lemle, is happy to assist you with any questions you may have.