Goals of SAS 136
In 2015, the Department of Labor’s Employee Benefits Security Administration (EBSA) examined the quality of audit work done on employee benefit plans by independent qualified public accountants. SAS 136 is the AICPA’s effort to address some of the issues found in the EBSA examinations.
The goal of SAS 136 is to enhance the quality of audits of ERISA plans by prescribing certain procedures that are required to be performed in the audit. The auditing standard also looks to add transparency to the nature and scope of ERISA benefit plan audits as presented in the auditor’s report.
Changes to Audit Reports, Engagement Letters and Other Communications
SAS 136 clarifies the responsibilities of plan management and auditors. Certain of these responsibilities are now included in the auditor’s report, engagement letters and required communications.
The auditor’s responsibilities are now disclosed in the auditor’s report which include professional judgements, professional skepticism and the auditor’s communication with those charged with governance. Management’s responsibility to maintain a plan instrument, administer the plan, maintain sufficient records for plan transactions and benefits, and their responsibility for the financial statements are not stated in the auditor’s report however will be stated in the engagement letter with their plan auditor. Management’s responsibility for the assessment of going concern and the auditor’s responsibility over management’s assessment is also included in the auditor’s report, when applicable.
The overriding goal of these changes is to clarify each party’s role and responsibility throughout the audit process and formalize certain procedures that in the past were sometimes left to auditor’s judgement.
Under the new standard, plan sponsors can expect to see a more thorough audit report. SAS 136 changes how auditors report their findings to those charged with governance. In addition to communicating deficiencies in internal control, auditors will now also have to communicate reportable findings in writing to those charged with governance.
Changes to Audit Procedures and Documentation
SAS 136 implements changes that affect multiple aspects of an ERISA plan audit, including engagement acceptance, risk assessment and response, communication with those charged with governance, and performance procedures and reporting.
Some of the most notable changes include:
- If a plan sponsor elects an ERISA Section 103(a)(3)(C) – formerly known as a limited scope audit – management must affirm that this is permissible and that the qualified institution can certify the investment information
- Management must provide to the auditor a substantially complete Form 5500 draft before issuance of the auditor’s report
- The auditor must communicate reportable findings
Change in Limited Scope Audits
Before SAS 136, plan sponsors could elect to have a limited scope audit performed, which excludes certain audit procedures over investments and investment income that are certified by a qualified institution as complete and accurate. SAS 136 eliminates the limited scope moniker and replaces it with an ERISA Section 103(a)(3)(C) audit, which includes heightened reporting requirements.