Posted By Christopher Ciminera, CPA
In my last blog, Almost There: Moving Closer to the New EBP Audit Standard , I gave a brief background on what led to SAS 13X – Statement on Auditing Standards Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (“Final Balloted Draft”) and its proposed changes to the audit report. In this blog, I want to summarize a few other items in the Final Balloted Draft standard.
Besides the change to the limited-scope audit opinion, I don’t believe there will be much that auditors that were performing compliant audits will need to change. However, the Final Balloted Draft standard does memorialize certain procedures that need to be performed by auditors that when omitted, have showed up as deficiencies in peer review reports and/or the DOL Audit Quality Study findings.
The Final Balloted Draft standard starts off by listing the objectives of the auditor. Those objectives are to accept the audit engagement, plan and perform the audit engagement, form an opinion on the financial statements, express an opinion on the financial statements, perform procedures on the supplementary information, and communicate any findings.
As part of each objective, the Final Balloted Draft standard provides certain presumed requirements for the audit.
The Final Balloted Draft standard indicates that the auditor should obtain an agreement from management regarding management’s responsibility:
- for maintaining a current plan document
- for administering the plan and ensuring plan transactions are in conformity with plan provisions, including maintaining sufficient records with respect to each of the participants to determine the benefits due or which may become due.
- When electing to have an ERISA Section 103(a)(3)(C) audit, determining whether such audit is permissible, that the information is prepared and certified by a qualified institution, and the information meets the certification requirements, and that the information is appropriately measured, presented, and disclosed.
Planning and Performing the Audit Engagement
Specific language in the Final Balloted Draft standard indicates the auditor should:
- obtain the plan document and read it.
- consider the relevant provisions in the plan document that affect the risk of material misstatement.
- consider whether the relevant compliance tests were performed.
- Inquire of management how it determined that the entity preparing and certifying the investment information is a qualified institution.
- Obtain the draft 5500 PRIOR to releasing the audit report to verify if there are any material inconsistencies. If there are material inconsistencies and management does not correct those inconsistencies, then the auditor should consider modifying the opinion it expresses. A specific example in the standard indicates that differences in investment categories between the 5500 and financial statements may require a correction, so that the two agree.
ERISA Section 103(a)(3)(C) audit
Specifically, regarding an ERISA Section 103(a)(3)(C) audit, the Final Balloted Draft standard indicates the auditor should:
- Evaluate management’s assessment of whether the entity issuing the certification is a qualified institution under the DOL’s Rules and Regulations.
- Identify which information is certified.
- Obtain the certification and read the certification.
- Compare the certified information to the information presented and disclosed in the financial statements and supplemental schedules.
- Read the disclosures relating to the certified information to assess whether they are in accordance with the presentation and disclosure requirements of the applicable financial framework.
- Importantly, the standard specifically mentions that the auditor should perform procedures necessary to become satisfied that received and disbursed amounts reported by the trustee or custodian were determined in accordance with plan provisions.
Regarding communicating findings, the Final Balloted Draft standard clarifies:
- that the auditor should communicate to those charged with governance, unless specifically involved with management, significant findings and issues from the audit. These include a formal board of trustees, an individual with the level and authority and responsibility equivalent to an audit committee, a name fiduciary, the sponsor’s board of directors or audit committee, or another similar committee.
- That the auditor is required by AU-C 265 to communicate in writing to those charged with governance significant deficiencies and material weaknesses identified during the audit. Other communications to management may be in writing or orally for other deficiencies in internal control identified during the audit that the auditor considers sufficient to merit management’s attention.
Other Items to Note
- The new draft standard specifies that a recordkeeper sometimes will certify the investment information on behalf of the plan’s qualified institution as an “agent for.” The standard indicates this arrangement would generally be acceptable when there is a contractual agreement between a qualified institution and the recordkeeper, such that a recordkeeper is able to provide the certification on the qualified institution’s behalf.
- The new draft standard specifies that provisions of the plan instrument affect the financial statements and disclosures, including the note regarding the tax-qualified status of the plan and the amount of benefits paid to participants when they become eligible. Because the operation of the plan in accordance with its provisions is reflected on the financial statements, the standard emphasizes that it would be rare for it to be appropriate for the auditor not to test plan provisions.
- The standard specifically mentions ERISA Section 107 regarding recordkeeping requirements which provides record retention rules. It is noted throughout the new draft standard that management is responsible for maintaining records in sufficient detail to permit benefits to be properly calculated and paid when due.
As previously mentioned, the Final Balloted Draft standard shouldn’t affect the nature and extent of audit procedures performed by compliant auditors. However, the standard formally memorializes the objectives of the audits and the responsibilities of the auditor and management, to provide a clear framework of accountability for all parties involved. The clarity of the guidance will hopefully set the industry on a more even playing field, in which the auditors’ and management’s responsibilities are crystal clear instead of clear as mud.