The AICPA’s Statement on Accounting Standards No. 136 (SAS 136) will meaningfully change the audit process for defined contribution plan sponsors. The AICPA issued SAS 136 in July 2019 with the goal of giving readers of the audit report a better understanding of the scope of the audit, as well as clarifying the responsibilities of the plan sponsor and auditor. SAS 136 requires a greater level of written communication to those charged with governance.
Plan sponsors should expect more communication from auditors throughout the audit process. Proactive planning can help to ensure there are no surprises at the end of the audit.
Background on SAS 136
The Department of Labor (DOL) has increased its focus on the quality of retirement plan audits over the past decade. In 2015, the DOL’s Employee Benefits Security Administration (EBSA) conducted a study of 400 audits on plans subject to the 1974 Employee Retirement Income Security Act (ERISA). The study found that nearly four out of 10 audits contained major deficiencies, leading to rejected Form 5500s. The AICPA, working in consultation with the EBSA, issued SAS 136 to improve the consistency and transparency of audits as well as expand the level of communication between auditors and their clients.
In March, BDO published an overview of SAS 136 and its general changes on procedures and documentation, including the introduction of the ERISA Section 103(a)(3)(C) audit in place of the “limited scope” audit. While the new rule is effective for audits covering periods ending on or after December 15, 2021, some auditors have already adopted SAS 136.
Required Communication for Reportable Findings
One major change under SAS 136 is the requirement for auditors to communicate “reportable findings” to those charged with plan governance. SAS 136 takes concepts from three clarified auditing standards (AU-Cs) as the basis for determining a reportable finding. While some of these communications were previously handled verbally, all are now required to be provided in writing.
- AU-C 250: Non-compliance (or suspected non-compliance) with laws and / or regulations
- AU-C 260: Certain findings that the auditor believes are significant and relevant to those charged with governance
- AU-C 265: Deficiencies in internal controls found during the audit that the auditor finds merit management’s attention
Under SAS 136’s AU-C 250, non-compliance with laws and regulations is not a gray area and is always considered a reportable finding. For issues covered by AU-C 260 and AU-C 265, consideration of auditor’s professional judgment in determining what is a reportable finding. This means that all audit findings and controls deficiencies are not necessarily a reportable finding, it is dependent on the facts and circumstances of the audit and plan.
How Plan Sponsors Can Prepare for Audits Under SAS 136
Plan sponsors should have discussions with their auditors to learn about the updated responsibilities under SAS 136. Before the audit commences, plan sponsors and their auditors should collaborate to define issues of importance (above the minimum auditing standard).
In addition, plan sponsors and their auditors should agree upon the extent of interaction during the audit process to discuss audit results and get real-time updates on findings. Doing this kind of planning before the process starts will alleviate surprises. Beyond the benefits to auditors, these planned meetings may aid plan sponsors in identifying common issues that need to be addressed.
Increase Your Engagement in the Audit Process
SAS 136 has many new requirements that are intended to increase the transparency of audit reports as well as the plan sponsors’ involvement in the audit process. The goal is to yield a higher quality audit and ultimately a stronger, better-managed plan. But these positive outcomes won’t occur unless plan sponsors and auditors communicate to ensure that everyone understands the objectives of the audit and roles and responsibilities of the auditor.