In April 2017, the Audit Standards Board (ASB) issued an exposure draft of the Proposed Statement on Auditing Standards (SAS), Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA. The proposed SAS was issued in response to the May 2015 report from the Department of Labor (DOL) that found nearly 40% of all employee benefit plan audits contained one or more major deficiencies. The new auditing standard was designed to enhance the quality of employee benefit plan audits and to strengthen the auditor’s report.
Once issued final, the new auditing standard is expected to be effective no earlier than for audits of financial statements for periods ending on or after December 15, 2020. Early adoption is not permitted. The new auditing standard does include transitional implementation guidance in year of adoption. Based on the ASB’s final issuance of its proposed SAS, Auditor Reporting, certain confirming amendments to the auditor’s report may be required. The audit reporting standard is expected to be finalized during the first half of 2019.
The new standard includes requirements for all phases of an employee benefit plan audit, including engagement acceptance, risk assessment and response, communication with those charged with governance, audit procedures and reporting.
Some of the more significant changes and/or provisions included in the new auditing standard are:
Changes to the form and content of the auditor’s report on the financial statements and the ERISA required supplemental schedules are among the most significant changes resulting from the new standard. As noted above, additional changes may be required to the auditor’s report in order to conform to the reporting requirements included in the final SAS, Auditor Reporting.
Gone, in name only, is the limited-scope audit. It has been replaced with the ERISA section 103(a)(3)(C) audit. Along with the name change, there are additional procedures required to be performed by plan management as well as the plan auditor. If plan management elects to have an ERISA section 103(a)(3)(C) audit performed, management will need to assess whether the entity issuing the certification is a qualified institution under DOL rules and regulations. Likewise, the auditor will need to perform additional procedures. The auditor is required to 1) evaluate management’s process for determining if the certification is from a qualified institution, 2) obtain from management and read the certification as it relates to investment information prepared and certified by a qualified institution, 3) compare the certified investment information with the related information presented and disclosed in the ERISA plan financial statements and ERISA-required supplemental schedules and 4) read the disclosures relating to the certified investment information to assess whether they are in accordance with the requirements of the applicable financial reporting framework.
ERISA section 103(a)(3)(C) auditor report will change so that modified opinions resulting from information certified by a qualified institution will no longer be issued. Rather, auditor’s report will provide a two-prong opinion - one opinion on whether the information covered by certification agrees to the certification; and the second opinion on whether information not covered by the certification is fairly presented.
Auditors are required to perform procedures sufficient to ensure that amounts received and disbursed as reported by the trustee or custodian were determined in accordance plan provisions. The auditor should consider the risk of material misstatement in determining which plan provisions are to be tested. Initially, the proposed audit standard would have required auditors to perform certain procedures regardless of risk of material misstatement.
Auditors are required to read the draft Form 5500 and identify material inconsistencies, if any, with the audited financial statements prior to dating the auditor’s report.