The American Institute of Certified Public Accountants has introduced new rules governing audits of ERISA plans. The rules were originally published in July 2019 in a document titled “Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA.” In summary, the new rules will change the name of these audits, update the type of opinion provided, and create additional responsibilities for both plan sponsors and auditors. The new rules were supposed to go into effect in 2020, but because of the COVID-19 pandemic, December 15, 2021 became the new deadline.
One notable change that plan administrators should be aware of is that limited scope audits have been renamed. The AICPA believed that the term “limited scope audit” carried an untrue connotation both for plan sponsors, implying that there were issues discovered during the audit requiring a “bad” opinion, as well as for auditors, implying that testing of plan provisions was not required because the audit was limited in scope. Consequently, limited scope audits are now referred to as “Section 103(a)(3)(C)” audits. By using legal terminology instead of the simplified term, the AICPA hopes to stress the importance of these audits being treated seriously for the protection of all parties involved.
In general, Section 103(a)(3)(C) audits give plan managers the option to exclude testing of specific investment information that is maintained and certified by a qualified financial institution. In the past, auditors issued a disclaimer of opinion because there was information in the financial statements that was untested. Now, the new rules require auditors to provide what is referred to as a “dual-pronged” opinion. Auditors now say whether uncertified investment information (usually participant loans) is presented fairly and whether the certified data received from financial institutions materially agrees with financial statements
Under the new rules, companies sponsoring 401(k) plans have additional responsibilities which will be included in engagement letters and management representation letters. These plan sponsors must accept responsibility for properly administering the plan in accordance with ERISA rules. Additionally, they must understand the requirement to provide accurate financial statements and that they are responsible for maintaining updated plan documents at all times. Plan sponsors must also acknowledge that they understand their responsibility for keeping sufficient records for participant transactions.
Plan sponsors will also have to acknowledge that they are responsible for providing a substantially completed Form 5500 document. Plan sponsors must now finish their year-end questionnaires early because auditors are required to review the form before they can sign off on a plan’s reports.
If your auditor was doing a thorough job before, there shouldn’t be much that changes in their requests, but under the new rules, auditors are responsible for explicitly documenting certain considerations. It is now required for auditors to make sure that plan managers understand and acknowledge their updated responsibilities. Auditors have to review compliance testing to ensure any failures are properly corrected. Auditors also are tasked with reviewing the certification to ensure it is from a qualified institution and to determine whether any investments are not included. Finally, auditors have to carefully review all plan provisions to confirm that deposited contributions and disbursed payments match those provisions.
Auditors are also required to have a meeting with plan administrators when any discrepancies are discovered. An auditor can then request corrections be made before financial statements are issued. Meetings should be held whenever investment information is incorrect, incomplete, or perceived to be unsatisfactory by the auditor.