| Dear Center Members: |
|
This EBPAQC Alert contains information about the recently approved Statement on Auditing Standards, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, including a summary of the new standard, a link to the final balloted draft, and information about the effective date. |
|
New Statement on Auditing Standards, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA
The AICPA Auditing Standards Board (ASB) recently voted to approve Statement on Auditing Standards, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (EBP SAS), as a final standard. The EBP SAS prescribes certain new performance requirements for an audit of financial statements of employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA), and changes the form and content of the related auditor's report. It should not be adapted for plans that are not subject to ERISA. The ASB-approved EBP SAS is available on the AICPA's website.
New Standard Will Be Conformed to New SAS on Auditor Reports
Certain conforming amendments related to the form and content of the auditor's reports in the EBP SAS may still be necessary, based on the results of the ASB's deliberations of proposed SASs, Auditor Reporting, and related amendments. The Auditor Reporting SASs are expected to be issued in the first half of 2019. As such, the EBP SAS is also expected to be issued, pending completion of the Auditor Reporting SASs, in the first half of 2019.
Effective Date and Adoption
When issued (after the above-mentioned conforming changes are made), the EBP SAS is expected to be effective no earlier than for audits of financial statements for periods ending on or after December 15, 2020. Early adoption is not permitted. The EBP SAS includes transitional implementation reporting guidance upon initial adoption of the SAS. The final balloted draft of the EBP SAS is available for auditors to read and consider in order to adequately prepare for implementation.
About the New EBP SAS
The new standard includes new requirements in all phases of an audit of ERISA plan financial statements (EBP audit), including engagement acceptance, risk assessment and response, communication with those charged with governance, performance procedures, and reporting. The standard is not all-inclusive; when performing an EBP audit, all the AU-C sections apply, except for the following, which are specifically covered in the EBP SAS:
- AU-C section 700, Forming an Opinion and Reporting on Financial Statements
- Paragraph .09 of AU-C section 725, Supplementary Information in Relation to the Financial Statements as a Whole
In addition, the EBP SAS contains incremental requirements to AU-C section 210, Terms of Engagement; AU-C section 250, Consideration of Laws and Regulations in an Audit of Financial Statements; AU-C section 260, The Auditor's Communication With Those Charged With Governance; and AU-C section 580, Written Representations.
Form and Content of Auditor's Report (subject to conforming amendments and therefore will change)
The most significant changes resulting from the EBP SAS are to the form and content of the auditor's report on the plan financial statements and ERISA-required supplemental schedules. As noted above, the EBP SAS will be conformed to the final Auditor Reporting SASs. As such, this Alert does not provide details of the new requirements related to the form and content of the auditor's report; the EBPAQC will communicate the details of those changes when the EBP SAS is issued in final.
"Limited Scope Audit" Replaced with Term "ERISA section 103(a)(3)(C) audit"
Another significant change is that an audit performed pursuant to ERISA section 103(a)(3)(C) will no longer be referred to as a "limited scope audit" but rather going forward referred to as an "ERISA section 103(a)(3)(C) audit." The EBP SAS includes new performance and reporting requirements specific to ERISA section 103(a)(3)(C) audits, which are detailed below.
Modified Opinions No Longer Issued Due to Information Certified by a Qualified Institution
The ERISA SAS notes that an ERISA section 103(a)(3)(C) audit is unique to EBPs and is not considered a scope limitation, therefore the auditor would no longer issue a modified opinion (typically a disclaimer of opinion) due to information that is certified by a qualified institution. Instead, the report provides a two-pronged opinion that is based on the audit and on the procedures performed relating to the certified investment information. It provides an opinion on whether the information not covered by certification is presented fairly, and an opinion on whether the certified investment information in the financial statements agrees to or is derived from the certification.
Other Key Provisions
Other key provisions included in the SAS include the following:
- Engagement Acceptance
- Risk Assessment and response
- Performance Procedures
- Review of Draft Form 5500
- Evaluation and Documentation
- Communications with Management and Those Charged with Governance
- Management Representations
- Reporting including new ERISA section 103(a)(3)(C) report (subject to conforming amendments and therefore will change)
Engagement Acceptance. The EBP SAS includes new engagement acceptance requirements in addition to the preconditions for an audit in AU-C section 210, Terms of Engagement. This will typically result in acknowledgment in the engagement letter of management's responsibilities for maintaining a current plan instrument, administering the plan, and providing the auditor with a draft Form 5500 prior to the dating of the auditor's report. It also includes new acknowledgements related to management's responsibilities with respect to the investment certification when management elects to have an ERISA Section 103(a)(3)(C) audit.
Risk Assessment and Response. The EBP SAS specifically requires that the auditor obtain and read the most current plan instrument for the audit period, including effective amendments, as part of obtaining an understanding of the entity sufficient to perform risk assessment procedures.
Performance Procedures. The EBP SAS requires that the auditor perform the procedures necessary to become satisfied that received and disbursed amounts (for example, employer or employee contributions and benefit payments) reported by the trustee or custodian were determined in accordance with the plan provisions. When designing and performing audit procedures, the auditor should:
- Consider relevant plan provisions that affect the risk of material misstatement at the relevant assertion level for classes of transactions, account balances, and disclosures. The EBP SAS notes that Because of the nature of EBP audits, it would be rare for the auditor, based upon the assessed risks of material misstatement at the relevant assertion level, not to test any relevant plan provisions. The EBP SAS includes an appendix A that provides some examples of plan provisions often included in a plan instrument by audit area.
- Evaluate whether prohibited transactions identified by management or as part of the audit have been appropriately reported in the applicable ERISA-required supplemental schedules.
When management elects to have an ERISA Section 103(a)(3)(C) audit, the auditor also is required to:
- Identify which investment information is certified, and perform audit procedures on the financial statement information, including the disclosures, not covered by the certification as well as noninvestment-related information based on the assessed risk of material misstatement. Plans may hold investments in which only a portion are covered by a certification by a qualified institution. In that case, the auditor should perform audit procedures on the investment information that has not been certified.
- Inquire of management about how management determined that the entity preparing and certifying the investment information is a qualified institution under DOL rules and regulations and evaluate management's assessment of whether the institution issuing the certification is qualified.
- Perform the following procedures on the certified investment information:
Obtain from management and read the certification as it relates to investment information prepared and certified by a qualified institution.
Compare the certified investment information with the related information presented and disclosed in the ERISA plan financial statements and ERISA-required supplemental schedules.
Read the disclosures relating to the certified investment information to assess whether they are in accordance with the presentation and disclosure requirements of the applicable financial reporting framework.
Review of Draft Form 5500. The EBP SAS requires the auditor to make appropriate arrangements with management to obtain the draft Form 5500, and read the draft Form 5500 in order to identify material inconsistencies, if any, with the audited ERISA plan financial statements prior to dating the auditor's report. If the auditor identifies a material inconsistency, he or she is required to determine whether the audited ERISA plan financial statements or the draft Form 5500 need to be revised.
Evaluation and Documentation. If the auditor has determined that it is not necessary to test any relevant plan provisions as part of risk assessment, the auditor is required to document the considerations in reaching such conclusion. When the audit work performed results in the identification of items that are not in accordance with the criteria specified (for example, not in accordance with the plan instrument), the auditor should evaluate whether the matters are reportable findings, which are defined in the EBP SAS as matters that are one or more of the following:
- An identified instance of noncompliance or suspected noncompliance with laws or regulations in accordance with AU-C section 250
- A finding arising from the audit that is, in the auditor's professional judgment, significant and relevant to those charged with governance regarding their responsibility to oversee the financial reporting process in accordance with AU-C section 260
- An indication of deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor's professional judgment, are of sufficient importance to merit management's attention in accordance with AU-C section 265, Communicating Internal Control Related Matters Identified in an Audit
The auditor should not issue a written communication stating that no reportable findings were identified during the audit.
Communications with Management and Those Charged with Governance. The auditor is required to make certain communications with management and/or those charged with governance. Reportable findings should be communicated in writing to those charged with governance, in a timely manner, in accordance with the requirements in other relevant AU-C sections. The EBP SAS also includes discussions of other matters that should be discussed with management and those charged with governance, including matters that may arise when an ERISA Section 103(a)(3)(C) audit is performed.
Management Representations. The EBP SAS requires that the auditor obtain certain written management representations in addition to those required by AU-C section 580, regarding management's responsibilities for maintaining a current plan instrument, administering the plan, and providing the auditor with a draft Form 5500 prior to the dating of the auditor's report. It also includes new acknowledgements related to management's responsibilities with respect to the investment certification when management elects to have an ERISA Section 103(a)(3)(C) audit.
Reporting. The EBP SAS includes new reporting requirements regarding identified prohibited transactions not appropriately reported in the applicable ERISA-required supplemental schedules that have been discussed with those charged with governance. The auditor is required to:
- Modify the opinion on the supplemental schedule, when the effect of the transaction is material based on the financial statements as a whole.
- Include additional discussion in the other-matter paragraph in the auditor's report on the supplemental schedules describing the prohibited transaction if the effect of the prohibited transaction is not material to the financial statements.
- If the prohibited party-in-interest transaction is material and is also considered a related party transaction, and that transaction is not properly disclosed in the notes to the plan financial statements, modify the auditor's opinion on the financial statements due to a departure from the applicable financial reporting framework.
|
Sincerely,
AICPA Employee Benefit Plan Audit Quality Center |
|
 |
|
| In This Alert |
|
| Additional Resources |
|
| Stay Informed |
We welcome any suggestions or questions - please send them by e-mail at EBPAQC@aicpa.org.
Members of the Employee Benefit Plan Audit Quality Center (EBPAQC) may only reproduce and distribute EBPAQC Alertsinternally within the firm to other Center member firm personnel as part of the firms' professional services. For information about permission to copy any part of these documents for redistribution or inclusion in other work, please click on the copyright notice at the bottom of the page or phone the copyright permission hotline (919) 402-4031.
©2018 Association of International Certified Professional Accountants.
Online privacy policies and copyright information.
220 Leigh Farm Road, Durham, NC 27707-8110.
|
|
|
|
|
