In July 2019, the Auditing Standards advice of the American Institute of Certified Public Accountants (AICPA) has issued a revised statement on Auditing Standards No. 136 titled “Opinion and Report on the Financial Statements of Employee Benefit Plans Submitted to ERISA”. Originally slated to come into effect for tax periods ending after December 15, 2020, the revised standard has been delayed for one year. However, audit firms may choose to adopt the standard on the initial effective date.
This new revised auditing standard is important since qualifying pension plans, among others, are required to submit an audit issued by a Qualified Independent Public Accountant (IQPA) along with the plan’s annual report, Form 5500. (Small Plans , i.e. those with less than 100 members at the start of the plan year may benefit from an exemption provided that certain requirements related to the composition of the plan assets are met.) aim to certify that the financial statements and plan tables are presented fairly and in accordance with generally accepted accounting principles (GAAP).
Plan sponsors, trustees and board committees are all affected by the revised rules in at least three ways:
- “Limited Scope” vs. “ERISA Section 103 (a) (3) (C)” – What’s in a Name?
Under previous rules, plan sponsors could choose to commission “limited scope audits”, which excluded certain audit procedures on investments and investment income that are certified by a qualified institution as complete and accurate. . A “qualified institution” is a bank, trust company, or similar institution, including an insurance company, that is regulated and subject to periodic review by a state or federal agency. While the revised auditing standards continue to allow such audits, the new rules dispense with reference to “limited scope” audits and instead refer to “ERISA Section 103 (a) (3) (C)” audits. The reference is of course the provision of ERISA which establishes the limited scope exception to the requirement of auditing the general plan.
According to the Auditing Standards Board, the reference to the ERISA audit section 103 (a) (3) (C) is more precise, since the ERISA provision in question is not a limitation of scope. Understood, previous audits were not limited in scope; rather, they have been modified (called “disclaimer”) to the extent that certain information is certified elsewhere, ie by a qualified institution. The Board now considers that an independent auditor performing an ERISA Section 103 (a) (3) (C) audit delivers an ERISA-Section 103 (a) (3) (C) audit report based on the audit and procedures followed regarding certified investment information.
- New obligations imposed on “management”
For pension plan sponsors and their trust committees, what is remarkable about the revisions to SAS 136 is not the new name. Rather, it is the new and comprehensive set of written representations that must be made to the auditor as part of the audit process. Written representations required by the revised auditing standards include:
- that management has provided the auditor with the most recent plan instrument for the audit period, including any amendments made to the plan;
- Acknowledgment of its responsibility to administer the plan and to determine that plan transactions that are presented and disclosed in the financial statements of the ERISA plan comply with the provisions of the plan, including maintaining sufficient records relating to each of the participants to determine the benefits due or which may become due to these participants;
- When management elects to have an ERISA Section 103 (a) (3) (C) audit, the recognition that the election by the ERISA Section 103 (a) (3) (C) audit management does not affect not its responsibility for the financial statements and to determine whether:
- an ERISA Section 103 (a) (3) (C) audit is permitted under the circumstances,
- the investment information is prepared and certified by a qualified institution as described in 29 CFR 2520.103-8,
- the certification meets the requirements of 29 CFR 2520.103-5, and
- the certified investment information is measured, presented and disclosed in an appropriate manner in accordance with the applicable financial reporting framework.
The auditor is required under the revised standard to request such statements for all periods covered by the auditor’s opinion.
Regarding who should make the required written declarations, the revised standard offers the following guidance:
For an ERISA plan, the appropriate person (s) to communicate with may not be clearly identifiable from the circumstances of the engagement. Some plans have a formal board of directors (or other formal governing body) and some do not. For a single employer benefit plan, the person charged with governance may include the person with the level of authority and responsibility equivalent to an audit committee, such as the appointed trustee, who is often the plan sponsor. or an officer thereof; the promoter’s board of directors or audit committee; or a committee overseeing the activities of the benefit plan, such as the employee benefits committee, the administrative benefits committee, the employee benefits investment committee, the plan administrator or other responsible party.
ERISA vests the power to maintain and operate the plan with a ‘plan administrator’, which is the board of directors (or other high-level governing body, for example, a sole proprietor, LLC manager by default). In many cases, the board or other governing body will formally delegate the role of administrator of the ERISA plan to one or more fiduciary committees. But, to be clear, in the absence of an appropriate delegation of authority, the default governing body is the administrator of the ERISA plan. While recognizing that the role of the plan administrator, the revised standard adopts and more generically refers to “management”, that is:
The plan administrator is identified in the plan document as being responsible for managing the administration and day-to-day decisions of the plan. This SAS uses the term management to include the plan administrator as described in DOL’s Rules and Regulations for Reporting and Disclosure under ERISA as well as other members of management.
Representations required of management as part of the revised audit represent a high bar. Some of these are highly technical in nature and will require the input and assistance of internal specialists or external advisers. Whether “an ERISA Section 103 (a) (3) (C) audit is permissible in the circumstances” is a legal finding that would certainly benefit from the approval of counsel (internal or external). The same is true of whether “the investment information is prepared and certified by a qualified institution” and whether the certification meets the requirements of the applicable labor regulations. Surprisingly, whether “certified investment information is properly measured, presented and disclosed in accordance with the applicable financial reporting framework” seems something the auditor is better equipped than management to respond to.
- Management policies and procedures
Plan sponsors, pension committees and others with discretion over plan administration should maintain appropriate documentation of their compliance with the revised stagnation. The pension committees may deem it necessary to designate an authorized representative who can make the required representations and attest to both their accuracy and their completeness. When there is no fiduciary committee, it is common for a member of the management of an entity to sign, either relying on his or her own apparent authority or not considering the matter. This approach may not (or should not) be successful under the revised rules.
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.