Preconditions for an ERISA Section 103(a)(3)(C) audit under SAS 136 

Charlie Hollingworth 
Preconditions for an ERISA Section 103(a)(3)(C) audit

The American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) recently enacted the most sweeping changes to its employee benefit plan audit requirements in more than two decades. In July 2019, the ASB issued its transformative Statement on Auditing Standards (SAS) 136, “Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA” (codified as AICPA, Professional Standards, AU-C 703). SAS 136 is effective for audits of Employee Retirement Income Security Act of 1974 (ERISA) plan financial statements for periods ending on or after Dec. 15, 2021. While the new SAS does not affect the accounting or financial statement reporting for plans, it will affect every other aspect of the audit, including engagement acceptance, the audit opinion, audit procedures, and required communications at the conclusion of the audit.

Following is information about the new preconditions for engagement acceptance required by SAS 136, which represent the most pressing issue for management as it prepares for upcoming 2021 calendar year-end audits.

What are the new preconditions of SAS 136? 

AU-C 210, “Terms of Engagement,” states that preconditions for an audit include management’s use of an acceptable financial reporting framework in the preparation and fair presentation of the financial statements and the agreement of management and, when appropriate, those charged with governance to the premise on which an audit is conducted.

SAS 136 expands on the preconditions noted in AU-C 210 to state that management must actively acknowledge its understanding of its responsibilities related to both:

  • Maintaining a current plan instrument – including all plan amendments
  • Administering the plan and determining that the plan’s transactions that are presented and disclosed in the ERISA plan financial statements conform with the plan’s provisions, which includes maintaining sufficient records with respect to each of the participants in order to determine the benefits due to or the benefits that may become due to such participants

Further, when management elects to have an ERISA Section 103(a)(3)(C) audit (previously known as a limited scope audit) completed, it must verify each of the following:

  • An ERISA Section 103(a)(3)(C) audit is permissible under the circumstances.
  • The investment information is prepared and certified by a qualified institution, as described in 29 Code of Federal Regulations (CFR) 2520.103-8.
  • The certification meets the requirements in 29 CFR 2520.103-5.
  • The certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.

What can be done now to prepare for the preconditions stated in SAS 136?

Management should review its procedures related to maintaining its governing plan instrument, administering the plan, and, if appropriate, determining whether an ERISA Section 103(a)(3)(C) audit is permissible and if the certifications are sufficient. This review might identify a need to implement new procedures or expand existing procedures to ensure compliance with SAS 136. For example, management might need to document its periodic review and analysis of the governing plan instrument during oversight committee meetings or meetings with the plan’s ERISA attorney. This review should address whether the plan instrument is up to date with the latest required amendments and in compliance with current ERISA provisions.

Documentation should be developed and maintained to demonstrate management’s compliance with the preconditions. Prior to accepting an audit, auditors must obtain and consider documentation from management supporting its analysis of the preconditions.

How does management know if an ERISA Section 103(a)(3)(C) audit is allowable? 

Prior to engaging an auditor, management must determine if an ERISA Section 103(a)(3)(C) audit is allowable. To make this determination, management should work with its third-party service providers to address the following questions:

  • Is an ERISA Section 103(a)(3)(C) audit appropriate given the structure and filing requirements of the plan? For example, an ERISA Section 103(a)(3)(C) audit is not acceptable for a plan that files a Form 11-K with the Securities and Exchange Commission (SEC).
  • Is the investment information prepared and certified by a qualified institution or an agent qualified to certify on behalf of a qualified institution, in conformity with Department of Labor (DOL) Regulation 29 CFR 2520.103-8? Qualified institutions include banks, trust companies, or insurance companies that are regulated, supervised, and subject to periodic examination by a state or federal agency. Note: Investment companies and broker-dealers are not considered qualified institutions when it comes to providing a certification required for an ERISA Section 103(a)(3)(C) audit.
  • Is the certification in writing and signed by a person authorized to represent the qualified institution, and does it address both the accuracy and completeness of the investment information, in conformity with DOL Regulation 29 CFR 2520.103-5? Note: Certifications from qualified institutions that address only accuracy or completeness – but not both – do not comply with the DOL’s regulations for an ERISA Section 103(a)(3)(C) audit.
  • Does the certification or the plan’s reporting package include any conflicting language or evidence that would qualify or call into question the accuracy and completeness of the investment information?
  • Is the investment information presented in the plan’s reporting package and certified by a qualified institution or an agent qualified to certify on behalf of a qualified institution appropriately valued for financial statement reporting purposes?

In addition to other helpful information related to implementation of SAS 136, the AICPA Employee Benefit Plan Audit Quality Center has released a certification assessment tool to assist plan management in determining whether the preconditions necessary for an ERISA Section 103(a)(3)(C) audit have been met.

How can Crowe help?

If you have any questions related to SAS 136 or the analysis or documentation of the new preconditions, including analysis of certification necessary for an ERISA Section 103(a)(3)(C) audit, please contact us.
Charlie Hollingworth
Charlie Hollingworth