Posted By Maria T. Hurd, CPA, RPA
How Can a Valid Limited Scope Certification be Invalid?
Just as certificates of authenticity for rare artwork have certified that reproductions were the real deal, a 103(a)(3)(C) certification, better known as a limited scope certification, could certify an investment value that has not been determined in accordance with Generally Accepted Accounting Principles (GAAP), which requires, among other things, statement at fair value. Unfortunately, an employer’s responsibility does not stop at getting a valid ERISA Section 103(a)(3)(C) certification from a financial institution subject to periodic examination by a state or federal agency; regardless of whether they are certified, the investments listed on the financial statements must be presented in accordance with GAAP, but a fair value measurement analysis is beyond the scope of the certifying institution’s responsibility. In fact, ERISA only requires that plan custodians or trustees transmit and certify information as available in the institution’s “ordinary business records.” Therein lies the rub. Surprisingly, a valid certification as to the completeness and accuracy of the investment values on the statement, signed by an authorized representative of the regulated trustee or custodian, may not be enough if it doesn’t certify fair value. If the best information available to the financial institution when the statements are produced is not fair value, a value that cannot used by auditors will be certified.
How Did We Get Here?
When the ERISA Section 103(a)(3)(C) audit election was established by ERISA in 1974, most plan investments were held in common stocks, mutual funds, bonds, and other marketable securities with readily available prices provided by independent pricing services. When plans are invested solely in assets with readily determinable fair values, such as exchange-traded securities or other marketable securities, the trustee or custodian typically obtains values from nationally recognized pricing services. In those cases, the auditor can use the certification because the best available information represents fair value, which is consistent with GAAP. Since ERISA was enacted in 1974, however, many plans have shifted their investment line-ups to include “alternative investments” such as limited partnerships, private equity funds, and hedge funds, all of which are less marketable (funds), and whose market values are based on valuations determined by the funds’ accountants rather than by independent pricing services.
When plans invest in assets without readily determinable fair values, the values on the trust statement may be a pass-through of the values provided by the funds or provided by a boutique vendor or broker for nonmarketable securities. Plan sponsors may also direct the trustee or custodian to use prices provided by a designated investment manager or fiduciary. In those cases, the reported values are based on the best information available to the trustee and custodian at the time the trustee or custodial statement is prepared, which may or may not be fair value as of the plan’s year-end. The plan sponsor’s contract or service agreement with the trustee or custodian will generally indicate how assets are to be valued and accounted for in periodic and annual reporting.
Whose Job Is It to Evaluate the Certification and Fair Value in Accordance with GAAP?
The Custodian or Trustee? No.
Qualified institutions generally do not perform the fair value analysis required by GAAP as part of the asset valuation and certification process.
The employer? Yes.
The plan administrator’s responsibility for preparing the plan’s financial statements and disclosures includes the responsibility for determining that any certified investment information that is included in the financial statements is appropriately measured, presented, and disclosed in accordance with GAAP.
The auditor? Inquire, Review, Obtain, Read, Compare, Assess, and Obtain Representations
The auditor is required at the engagement acceptance phase to inquire about how management determined that the certifying entity is a qualified institution under DOL regulations and, during the audit, to review that assessment. The auditor also is required to obtain and review a copy of the certification; identify which investments are certified; compare the certified investment information with the related information presented and disclosed in the financial statements and ERISA-required supplemental schedules; and read the disclosures relating to the certified investment information to assess whether they are in accordance with the presentation and disclosure requirements of GAAP. The auditor also is required to obtain additional representations from management regarding its responsibilities when electing an ERISA Section 103(a)(3)(C) audit.
The Buck Stops with the Employer
No matter how much full-service providers claim that they will take care of EVERYTHING, everything never seems to include whatever goes wrong. The plan sponsor’s contract or service agreement with the trustee or custodian will generally indicate how assets are to be valued and accounted for in periodic and annual reporting. A fair value measurement analysis will generally be beyond the scope of a certifying institution’s production of annual statements and ordinary business records.
Therefore, management’s responsibility does not necessarily end with the plan’s receipt of the certification from the bank trustee. A fair value analysis is still required for all investments, especially for alternative investments or those assets that have not been priced by an independent source. This analysis is required to ensure that the value of the plan assets is consistent with GAAP and ERISA requirements, regardless of whether the auditor is engaged to perform an ERISA Section 103(a)(3)(C) audit.
The Auditor’s Report
The auditor’s report in accordance with AU-C Section 703 will provide a two-pronged opinion:
- an opinion on whether the amounts and disclosures in the financial statements not covered by the certification are presented fairly, in all material respects, in accordance with GAAP, and
- an opinion on whether the certified investment information in the financial statements agrees to or is derived from, in all material respects, the certification.
In addition to providing a two-pronged opinion on the financial statements, the auditor’s report will outline management’s responsibilities and the auditor’s responsibilities with a lot more detail and precision than previously required. See pages 5-7 of the AICPA ERISA Section 103(a)(3)(C) audits of employee benefit plans for a sample Independent Auditor’s Report.
Nothing is Different Except for Accountability and Transparency
Ignorance of the law has never been an admissible defense, but it doesn’t stop perpetrators from trying. SAS 136 removes deficient auditors’ ability to claim ignorance by codifying audit procedures in the Employee Benefit Plan Audit Guide and updating the audit report, management representation letter, and communications with governance to spell out management’s and the auditors’ responsibilities. No longer can all the stakeholders lie by omission, hiding behind a disclaimed audit opinion that only emphasizes what was not done. Once and for all, SAS 136 levels the playing field by allowing compliant auditors to take credit for the good work they have always done and forcing deficient auditors to do what the audit opinion says they did. Concomitantly, employers cannot rest on their laurels, thinking that auditors are part of their internal controls. Instead of resting easy, hoping the accuracy of the financial statements is the auditor’s responsibility, they will be forced to be more actively engaged and participatory in the process of ensuring financial statements are in accordance with GAAP. Due to SAS 136, both management and the auditor will be accountable for their responsibilities, and openly take credit for them.
Photo By: Isidor Hefter
