Under a new auditing standard, benefit plan sponsors have added responsibilities when preparing for plan audits and face greater liability risks if they fail to meet these new requirements.
Statement on Auditing Standards (SAS) 136 was adopted by the American Institute of Certified Public Accountants (AICPA) in July 2019 with implementation originally set for Dec. 15, 2020. Due to the COVID-19 pandemic, implementation was delayed by one year until Dec. 15, 2021, when the standard took effect.
New HR Responsibilities
"Although SAS 136 imposes new duties on auditors, employee benefit plan sponsors also have increased responsibilities under this new standard," Deborah Andrews, an attorney in the Washington, D.C., office of law firm Ogletree Deakins, and Ruth Anne Collins Michels, an attorney in the firm's Atlanta office, wrote last year when the delay was announced.
In general, the attorneys explained, the Employee Retirement Income Security Act (ERISA) requires employers that sponsor plans with 100 or more participants to engage a qualified accountant to audit the plan's financial statements. SAS 136 requires plan sponsors to provide additional information and documentation to the auditor in the following areas:
AcknowledgEment of responsibility.
Under SAS 136, plan sponsors must acknowledge their responsibility for the plan's administration in the audit engagement letter. In addition, plan sponsors are required to provide written representations at the end of the audit regarding their responsibilities.
"These responsibilities include maintaining a copy of the current plan document and amendments, ensuring that plan transactions are consistent with plan provisions, and maintaining sufficient participant records to determine the benefits due under the plan," Andrews and Michels wrote.
They added, "Although a plan sponsor may use a service provider to assist with the plan's administration, it is the plan sponsor's responsibility to make sure that plan documents are maintained and that plan transactions are accurate and properly documented."
Plan sponsors may continue to exclude investment information prepared and certified by a "qualified institution," such as a bank or insurance company, when opting for a limited-scope audit, which is now referred to as an "ERISA Section 103(a)(3)(C) audit."
However, "if a plan sponsor elects an ERISA Section 103(a)(3)(C) audit, the plan sponsor must provide the auditor with a written acknowledgement that the audit is permissible and that the certification satisfies the ERISA requirements," Andrews and Michels explained.
Auditors also are required to ask how management determined that the certifying entity is a qualified institution.
Before issuing an audit report, SAS 136 requires plan sponsors to provide auditors with a draft of a substantially completed Form 5500, including related schedules.
"The auditor will review the documents to identify any material inconsistencies between the financial statements and the Form 5500," Andrews and Michels noted. "If there are discrepancies, the auditor will determine whether the Form 5500 or financial statements need to be corrected."
In addition, "the plan sponsor may need to coordinate with the preparer of the Form 5500 to ensure that the auditor will receive a substantially completed Form 5500 in a timely manner."
As a result of these changes, "plan sponsors may be spending more time preparing for the audit," Andrews and Michels wrote. "Plan sponsors may want to ensure that they understand their new responsibilities, evaluate current procedures and make any necessary adjustments to comply with the new requirements under SAS 136."
Added Risks for Plan Sponsors
Under SAS 136, "the burden for producing the added plan-related documentation required will likely fall to employers' human resources departments," according to a January 2022 alert by law firm Roland Criss, based in Arlington, Texas.
"SAS 136 transfers a significant amount of liability for an audit's accuracy from an auditor to a plan's fiduciaries, increasing the need for error-free payroll files and impeccable compliance in areas like compensation, distributions and vendors' fees," the firm noted.
Tips for Working with Benefit Plan Auditors
To help HR teams work effectively with plan auditors, John R. Masheck, CPA, and David Rich, CPA, with Cincinnati-based business advisory and accounting firm Clark Schaefer Hackett posted six steps for a smooth audit, summarized below:
1. Take a hard look at your auditors. Partner with audit professionals who focus their time on employee benefits plans and staff their engagements with an experienced team.
2. Invest time and effort to prepare. Gather all relevant documents, including your current plan document, all plan amendments, plan committee minutes and service agreements. Double-check with your plan's oversight committee and your third-party administrator to ensure your records are current and all documents are complete.
3. Discuss the audit plan. Meet with your audit team to go over the details and the relevant documentation you have provided. This is also a good time to discuss what additional information will be needed during the audit itself, so you can have those details at hand when the time comes. The planning stage is also when you want to establish points of contact within your organization and your auditing firm and agree on a timeline.
4. Be available and involved during your audit. Due to the depth and complexity of a benefit plan audit, HR staff that will be working with the audit team should make themselves as available as possible. A best practice is to establish touchpoints throughout the audit to ensure communication is regular and everyone is updated.
5. Seek actionable feedback from the audit report. Meet with your auditors to discuss the findings, including any recommendations for improvement that were uncovered during the process. Ask questions, probe for more information, and stay committed so your partnership with your auditors can grow and flourish.
6. Keep your auditors informed all year. Given the amount of IRS and Department of Labor requirements, there is plenty of room for mistakes to occur. Keeping your auditor informed of critical business changes, goals of the plan and complexities you encounter in your internal control systems is the best way to be proactive in assessing the impact of the plan and making any necessary corrections promptly.