In July 2019, the AICPA’s Audit Standards Board issued Statement on Auditing Standards (SAS) No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA. The new standard will have a significant impact on the highly specialized area of ERISA plan audits.


For context, the Employee Retirement Income Security Act of 1974 (ERISA) generally requires employee benefit plans with 100 or more participants to have an independent financial statement audit as part of the plan sponsor’s obligation to file a Form 5500. The primary objective of the audit is to provide assurance that the plan’s financial statements are free from material misstatements. The independent auditor is responsible for following auditing standards established by the AICPA, which are amended from time-to-time.

Over the past several years, the Department of Labor (DOL) voiced concerns over the quality of ERISA plan audits. In response, the agency completed an audit quality study in 2015. During the study, the DOL reviewed workpapers for 400 audits and estimated that nearly 40% of ERISA plan audits had major deficiencies that could potentially put millions of employees at risk. SAS 136 is an effort by the AICPA to address some of the audit deficiencies uncovered during the DOL audit quality study.

The Impact of SAS 136 to Plan Sponsors

One of the objectives of SAS 136 is to provide readers with a better understanding of the scope of the audit, as well as make clear the responsibilities of the plan sponsor and the auditor. With that in mind, the most significant change coming from the guidance impacts the audit report for ERISA plan financial statements. Language in the existing audit report will be re-ordered, clarified, and expanded in order to clearly express the audit opinion on ERISA plan financial statements. In other words, the audit report under SAS 136 will look significantly different once the new auditing standard is implemented.

SAS 136 also modified other auditing standards for ERISA plan audits, including the type of audit report issued. Administrators of ERISA plans can instruct their auditor to not perform any auditing procedures with respect to investment information prepared and certified by a bank or similar institution, or by an insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency that acts as a trustee or custodian. This is referred to as a “limited scope audit” under ERISA section 103(a)(3)(C). Under current auditing standards, the audit report that is produced under these circumstances is a “disclaimed audit opinion” which is acceptable by the DOL. SAS 136 still allows for a “limited scope audit,” but making this election is no longer considered a scope limitation.

Additionally, the name of this type of audit has changed. They will no longer be called a “limited scope audit.” They will now be referred to as an “ERISA section 103(a)(3)(C)” audit. The audit opinion of an “ERISA section 103(a)(3)(C)” audit will include information on the procedures performed on both certified information and non-certified information. Plans sponsors who elect to have an “ERISA section 103(a)(3)(C)” audit will need to assess whether the entity issuing the certification is a qualified institution. Plan sponsors will also be responsible for ensuring the certification meets ERISA requirements and for gaining an understanding as to which investments and disclosures are certified. Plan sponsors will need to acknowledge, in writing, as to whether all the conditions are met.

SAS 136 will also require auditors to communicate “reportable findings” to individuals charged with plan governance. “Reportable findings” are defined as one or more of the following:

  1. An identified instance of noncompliance or suspected noncompliance with laws or regulations,
  2. A finding arising from the audit that is, in the auditor’s professional judgment, significant and relevant to those charged with governance regarding their responsibility to oversee the financial reporting process,
  3. An indication of deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention.

“Reportable findings” must be communicated in writing. This is similar to existing rules in place which are currently described as internal control material weaknesses and significant deficiencies.

Under SAS 136, as a precondition for an audit, the plan sponsor must understand and acknowledge, in writing, its responsibility for maintaining a current plan document and amendments. Plan sponsors must also acknowledge, in writing, that they have maintained sufficient participant records in order to determine benefits currently due or that will become due to participants. Prior to dating the audit report, ERISA plan auditors must review a draft of a substantially completed Form 5500. This is done so the auditor can identify any material inconsistencies or misstatements between the financial statements and the Form 5500 prior to the audit report date.

SAS 136 is effective for audits of ERISA plan financial statements for periods ending on or after December 15, 2020. This means most plan sponsors will see the impact of the new standard for their 2020 year end audits completed in 2021. Early adoption of the standard is not permitted.

In Summary

Once SAS 136 is implemented, expect to see a significantly revised audit report for your ERISA plan audits, as well as revisions on the audit engagement letter and representation letter. If you are planning to elect for an “ERISA Section 103(a)(3)(C)” audit (currently referred to as a “limited scope audit”), there will also be new inquiries and procedures surrounding your evaluation of the certification statement provided by the plan’s asset custodian or trustee. And last, expect to see some expanded communication of reportable findings from your auditor to management and individuals charged with the plan’s governance.

If you have any questions about SAS 136, or about ERISA plan audits, contact a Clark Nuber professional.

© Clark Nuber PS, 2020. All Rights Reserved

This article contains general information only and should not be construed as accounting, business, financial, investment, legal, tax, or other professional advice or services. Before making any decision or taking any action, you should engage a qualified professional advisor.