Breaking Down SAS 136 and its impact on Employee Benefit Plan Audits

By Robert J. Behr, CPA | February 2, 2022

Statement on Auditing Standards (SAS) 136 was issued by the AICPA’s Auditing Standards Board to address changes to audits of employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA).

The purpose of this new standard is to improve auditor performance, enhance the quality of employee benefit plan audits, and increase the communicative value and transparency of the auditor’s report for ERISA plan financial statements.

SAS 136 is effective for audits of ERISA plan financial statements for periods ending on or after December 15, 2021. This means that the 2021 year-end audits being performed in 2022 will be required to follow the performance and reporting requirements.

The impact of SAS 136 for the plan’s management/sponsors and auditors is summarized below, in addition to key audit report changes.

Plan Management/Sponsor Responsibilities: 

  • Maintain a current plan instrument (including all plan amendments).
  • Ensure the plan is being administered in conformity with the plan’s provisions.
  • Determine whether an ERISA Section 103(a)(3)(C) audit is permissible.
  • Assess if the entity issuing the certification is a qualified institution under ERISA Section 103(a)(3)(C).
  • Determine whether the investment certification meets the ERISA requirement and the certified investment information is appropriately measured, presented, and disclosed.
  • Provide the auditor with a substantially completed draft Form 5500 prior to the dating of the auditor’s report.

Auditor Responsibilities:

  • Perform risk assessment procedures related to the plan instrument, tax status, prohibited transactions, and respond to identified risks.
  • Evaluate management’s assessment of whether the institution issuing the investment certification is qualified.
  • Identify which investment information is certified.
  • Perform audit procedures on the financial statement information not covered by the certification.
  • Communicate reportable findings to those charged with governance, including:
    • Instances of noncompliance or suspected noncompliance with laws or regulations;
    • Significant or relevant findings relating to management’s financial reporting process;
    • Deficiencies in internal control.

Audit Report Changes:

  • These audits will no longer be referred to as a “limited scope audit,” but are now referred to as an “ERISA Section 103(a)(3)(C) audit.”
  • These audits will no longer be considered as having a scope limitation, and the auditor will follow new performance and reporting requirements.
  • The auditor will no longer issue a disclaimer of opinion, but instead will issue an ERISA-Section 103(a)(3)(C) auditor’s report in accordance with AU-C Section 703 that contains a two-pronged opinion that is based on the audit and on the procedures performed relating to the certified investment information.
  • The audit report provides an opinion on whether the amounts and disclosures in the financial statements not covered by the certification are presented fairly, in all material respects, in accordance with the applicable financial reporting framework, and an opinion on whether the certified investment information in the financial statements agrees to or is derived from, in all material respects, the certification.

McClintock and Associates believes that these changes will require extra time and actions on the part of both the auditor and the plan’s management/sponsor. Please begin to review these new requirements to be prepared to fully implement them for your 2021 plan audit. Feel free to reach out to your audit team at M&A with any questions or concerns you may have.

Questions about your employee benefit plans?

We can help! Schedule a call with one of our industry experts.